openstack/openstack-helm
Code Issues Proposed changes
openstack-helm/neutron/values.yaml
Artur Korzeniewski 83710071bb Neutron chart: add OVS firewall 
Add openvswitch based firewall, which is better than hybrid iptables one.
It does not interfere with k8s iptables rules on compute nodes.
The advantage is that VMs have access to the OpenStack API.

Change-Id: Ic6baef5867db962b3cb4709d7e6dce8a9a13584f
Closes-Bug: #1686371
2017-05-17 14:03:50 +02:00

493 lines
10 KiB
YAML
Raw Blame History

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for neutron.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
replicas:
server: 1
images:
db_init: docker.io/kolla/ubuntu-source-neutron-server:3.0.3
db_sync: docker.io/kolla/ubuntu-source-neutron-server:3.0.3
ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
server: docker.io/kolla/ubuntu-source-neutron-server:3.0.3
dhcp: docker.io/kolla/ubuntu-source-neutron-dhcp-agent:3.0.3
metadata: docker.io/kolla/ubuntu-source-neutron-metadata-agent:3.0.3
l3: docker.io/kolla/ubuntu-source-neutron-l3-agent:3.0.3
neutron_openvswitch_agent: docker.io/kolla/ubuntu-source-neutron-openvswitch-agent:3.0.3
openvswitch_db_server: docker.io/kolla/ubuntu-source-openvswitch-db-server:3.0.3
openvswitch_vswitchd: docker.io/kolla/ubuntu-source-openvswitch-vswitchd:3.0.3
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
pull_policy: "IfNotPresent"
upgrades:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
labels:
# ovs is a special case, requiring a special
# label that can apply to both control hosts
# and compute hosts, until we get more sophisticated
# with our daemonset scheduling
ovs:
node_selector_key: openvswitch
node_selector_value: enabled
agent:
dhcp:
node_selector_key: openstack-control-plane
node_selector_value: enabled
l3:
node_selector_key: openstack-control-plane
node_selector_value: enabled
metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
network:
dns:
kubernetes_domain: cluster.local
# this must list the skydns server first, and in calico
# this is consistently 10.96.0.10
servers:
- 10.96.0.10
- 8.8.8.8
external_bridge: br-ex
ip_address: 0.0.0.0
interface:
external: enp12s0f0
default: enp11s0f0
server:
name: "neutron-server"
port: 9696
node_port:
enabled: false
port: 30096
metadata:
name: "neutron-metadata"
port: 8775
keystone:
admin_user: "admin"
admin_user_domain: "default"
admin_password: "password"
admin_project_name: "admin"
admin_project_domain: "default"
admin_region_name: "RegionOne"
neutron_user: "neutron"
neutron_user_domain: "default"
neutron_user_role: "admin"
neutron_password: "password"
neutron_project_name: "service"
neutron_project_domain: "default"
neutron_region_name: "RegionOne"
metadata_agent:
default:
debug: 'True'
neutron:
workers: 4
default:
l3_ha_network_type: gre
debug: 'True'
metadata:
workers: 4
ml2:
ovs:
auto_bridge_add:
br-physnet1: enp11s0f0
bridge_mappings:
- "physnet1:br-physnet1"
dependencies:
db_init:
jobs:
- mariadb-seed
service:
- mariadb
db_sync:
jobs:
- neutron-db-init
service:
- mariadb
ks_user:
service:
- keystone-api
ks_service:
service:
- keystone-api
ks_endpoints:
jobs:
- neutron-ks-service
service:
- keystone-api
server:
jobs:
- neutron-db-sync
- neutron-ks-user
- neutron-ks-endpoints
service:
- rabbitmq
- mariadb
- keystone-api
- memcached
dhcp:
service:
- rabbitmq
- neutron-server
- nova-api
daemonset:
- ovs-agent
metadata:
service:
- rabbitmq
- neutron-server
- nova-api
daemonset:
- ovs-agent
ovs_agent:
service:
- rabbitmq
- neutron-server
l3:
service:
- rabbitmq
- neutron-server
- nova-api
daemonset:
- ovs-agent
resources:
enabled: false
agent:
dhcp:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
l3:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
metadata:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
ovs:
agent:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
db:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
vswitchd:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
server:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
jobs:
db_sync:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
init:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
post:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
conf:
paste:
override:
append:
policy:
override:
append:
neutron:
override:
append:
default:
neutron:
api_workers: 4
allow_overlapping_ips: True
core_plugin: ml2
service_plugins: router
interface_driver: openvswitch
metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
db:
allow_automatic_l3agent_failover: True
l3_ha: True
min_l3_agents_per_router: 2
max_l3_agents_per_router: 2
l3_ha_network_type: vxlan
dhcp_agents_per_network: 3
network_auto_schedule: True
router_auto_schedule: True
agent:
interface_driver: openvswitch
oslo_concurrency:
oslo:
concurrency:
lock_path: /var/lib/neutron/tmp
database:
oslo:
db:
max_retries: -1
agent:
neutron:
agent:
root_helper: sudo /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
l2_population: True
arp_responder: True
oslo_messaging_notifications:
oslo:
messaging:
driver:
- noop
nova:
nova:
auth:
auth_type: password
region_name: RegionOne
project_domain_name: default
project_name: service
user_domain_name: default
username: nova
password: password
keystone_authtoken:
keystonemiddleware:
auth_token:
auth_type: password
auth_version: v3
region_name: RegionOne
project_domain_name: default
project_name: service
user_domain_name: default
username: neutron
password: password
ml2_conf:
override:
append:
ml2:
neutron:
ml2:
extension_drivers: port_security
mechanism_drivers: openvswitch,l2population
type_drivers: flat,vlan,vxlan
tenant_network_types: vxlan
ml2_type_vxlan:
neutron:
ml2:
vni_ranges: 1:1000
vxlan_group: 239.1.1.1
ml2_type_flat:
neutron:
ml2:
flat_networks: "*"
ml2_type_vlan:
neutron:
ml2:
network_vlan_ranges: "physnet1:1100:1110"
ml2_conf_sriov:
override:
append:
dhcp_agent:
override:
append:
default:
neutron:
base:
agent:
interface_driver: openvswitch
dhcp:
agent:
dnsmasq_config_file: /etc/neutron/dnsmasq.conf
enable_isolated_metadata: True
force_metadata: True
l3_agent:
override:
append:
default:
neutron:
base:
agent:
interface_driver: openvswitch
l3:
agent:
agent_mode: legacy
enable_metadata_proxy: True
enable_isolated_metadata: True
openvswitch_agent:
override:
append:
ovs:
neutron:
ml2:
ovs:
agent:
tunnel_types: vxlan
ovsdb_connection: unix:/var/run/openvswitch/db.sock
securitygroup:
neutron:
ml2:
ovs:
agent:
firewall_driver: openvswitch
metering_agent:
override:
append:
metadata_agent:
override:
append:
sriov_agent:
override:
append:
macvtap_agent:
override:
append:
linuxbridge_agent:
override:
append:
# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
oslo_db:
auth:
admin:
username: root
password: password
user:
username: neutron
password: password
hosts:
default: mariadb
path: /neutron
scheme: mysql+pymysql
port:
mysql: 3306
oslo_messaging:
auth:
admin:
username: admin
password: password
user:
username: rabbitmq
password: password
hosts:
default: rabbitmq
path: /
scheme: rabbit
port:
amqp: 5672
oslo_cache:
hosts:
default: memcache
port:
memcache: 11211
compute:
name: nova
hosts:
default: nova-api
path: "/v2/%(tenant_id)s"
scheme: 'http'
port:
api: 8774
metadata: 8775
novncproxy: 6080
identity:
name: keystone
hosts:
default: keystone-api
path: /v3
scheme: 'http'
port:
admin: 35357
api: 5000
network:
name: neutron
hosts:
default: neutron-server
path: null
scheme: 'http'
port:
api: 9696
oslo_db:
auth:
admin:
username: root
password: password
user:
username: neutron
password: password
hosts:
default: mariadb
path: /neutron
scheme: mysql+pymysql
port:
mysql: 3306
View Git Blame Copy Permalink