openstack/openstack-helm
Code Issues Proposed changes

feat: add OVN VPNaaS support

Browse Source 
ovn vpnaas is now supported with [1]. Add it to neutron ovn mode

[1] https://review.opendev.org/c/openstack/neutron-vpnaas/+/765353

Change-Id: I03f133e544afa6f93f35ff206cd5869a74d54dfd
This commit is contained in:
ricolin 2023-12-22 17:56:00 +08:00
parent f9e5bd3d31
commit 27cfc11310
9 changed files with 425 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
neutron/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Neutron
name: neutron
version: 0.3.43
version: 0.3.44
home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources:

27
neutron/templates/bin/_neutron-ovn-vpn-agent-init.sh.tpl Normal file
View File

@ -0,0 +1,27 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
mkdir -p /tmp/pod-shared
tee > /tmp/pod-shared/neutron-agent.ini << EOF
[DEFAULT]
host = $(hostname --fqdn)
EOF
{{- end }}

27
neutron/templates/bin/_neutron-ovn-vpn-agent.sh.tpl Normal file
View File

@ -0,0 +1,27 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -x
exec neutron-ovn-vpn-agent \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/neutron_vpnaas.conf \
--config-file /etc/neutron/neutron_ovn_vpn_agent.ini \
{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
--config-file /tmp/pod-shared/neutron-agent.ini \
{{- end }}
--config-file /tmp/pod-shared/ovn.ini

4
neutron/templates/configmap-bin.yaml
View File

@ -109,6 +109,10 @@ data:
{{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-ovn-init.sh: |
{{ tuple "bin/_neutron-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-ovn-vpn-agent-init.sh: |
{{ tuple "bin/_neutron-ovn-vpn-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-ovn-vpn-agent.sh: |
{{ tuple "bin/_neutron-ovn-vpn-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- else }}
neutron-metadata-agent.sh: |
{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

2
neutron/templates/configmap-etc.yaml
View File

@ -317,12 +317,14 @@ data:
neutron_sudoers: {{ $envAll.Values.conf.neutron_sudoers | b64enc }}
rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }}
neutron_vpnaas.conf: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron_vpnaas | b64enc) }}
{{- if .Values.conf.netoffload.enabled }}
netoffload: {{ toJson $envAll.Values.conf.netoffload | b64enc }}
{{- end }}
dpdk.conf: {{ toJson $envAll.Values.conf.ovs_dpdk | b64enc }}
update_dpdk_bond_config: {{ $envAll.Values.conf.ovs_dpdk.update_dpdk_bond_config | toString | b64enc }}
{{- if ( has "ovn" .Values.network.backend ) }}
neutron_ovn_vpn_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.ovn_vpn_agent | b64enc }}
ovn_metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.ovn_metadata_agent | b64enc }}
{{- else }}
metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}

261
neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml Normal file
View File

@ -0,0 +1,261 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "ovnVPNAgentReadinessProbeTemplate" }}
exec:
command:
- python
- /tmp/health-probe.py
- --config-file
- /etc/neutron/neutron.conf
- --config-file
- /etc/neutron/neutron_vpnaas.conf
- --config-file
- /etc/neutron/neutron_ovn_vpn_agent.ini
{{- if .Values.pod.use_fqdn.neutron_agent }}
- --use-fqdn
{{- end }}
{{- end }}
{{- define "ovnVPNAgentLivenessProbeTemplate" }}
exec:
command:
- python
- /tmp/health-probe.py
- --config-file
- /etc/neutron/neutron.conf
- --config-file
- /etc/neutron/neutron_vpnaas.conf
- --config-file
- /etc/neutron/neutron_ovn_vpn_agent.ini
- --liveness-probe
{{- if .Values.pod.use_fqdn.neutron_agent }}
- --use-fqdn
{{- end }}
{{- end }}
{{- define "neutron.ovn_vpn_agent.daemonset" }}
{{- $daemonset := index . 0 }}
{{- $configMapName := index . 1 }}
{{- $serviceAccountName := index . 2 }}
{{- $envAll := index . 3 }}
{{- with $envAll }}
{{- $mounts_ovn_vpn_agent := .Values.pod.mounts.ovn_vpn_agent.ovn_vpn_agent }}
{{- $mounts_ovn_vpn_agent_init := .Values.pod.mounts.ovn_vpn_agent.init_container }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: neutron-ovn-vpn-agent
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "neutron" "ovn-vpn-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
selector:
matchLabels:
{{ tuple $envAll "neutron" "ovn-vpn-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll "ovn_vpn_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "neutron" "ovn-vpn-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
{{ dict "envAll" $envAll "application" "ovn_vpn_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
shareProcessNamespace: true
{{- else }}
hostPID: true
{{- end }}
initContainers:
{{ tuple $envAll "pod_dependency" $mounts_ovn_vpn_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ovn-vpn-agent-init
{{ tuple $envAll "neutron_ovn_vpn" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_vpn | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_vpn_agent" "container" "ovn_vpn_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
- name: NEUTRON_USER_UID
value: "{{ .Values.pod.security_context.ovn_vpn_agent.pod.runAsUser }}"
command:
- /tmp/neutron-ovn-vpn-agent-init.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: neutron-bin
mountPath: /tmp/neutron-ovn-vpn-agent-init.sh
subPath: neutron-ovn-vpn-agent-init.sh
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf
readOnly: true
- name: socket
mountPath: /var/lib/neutron/openstack-helm
- name: ovn-neutron-init
{{ tuple $envAll "neutron_ovn_vpn" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_vpn | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_vpn_agent" "container" "ovn_vpn_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/neutron-ovn-init.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: neutron-bin
mountPath: /tmp/neutron-ovn-init.sh
subPath: neutron-ovn-init.sh
readOnly: true
containers:
- name: neutron-ovn-vpn-agent
{{ tuple $envAll "neutron_ovn_vpn" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_vpn | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: RPC_PROBE_TIMEOUT
value: "{{ .Values.pod.probes.rpc_timeout }}"
- name: RPC_PROBE_RETRIES
value: "{{ .Values.pod.probes.rpc_retries }}"
{{ dict "envAll" $envAll "component" "ovn_vpn_agent" "container" "ovn_vpn_agent" "type" "readiness" "probeTemplate" (include "ovnVPNAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "ovn_vpn_agent" "container" "ovn_vpn_agent" "type" "liveness" "probeTemplate" (include "ovnVPNAgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
securityContext:
privileged: true
command:
- /tmp/neutron-ovn-vpn-agent.sh
volumeMounts:
- name: run
mountPath: /run
- name: pod-tmp
mountPath: /tmp
- name: pod-var-neutron
mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
- name: neutron-bin
mountPath: /tmp/neutron-ovn-vpn-agent.sh
subPath: neutron-ovn-vpn-agent.sh
readOnly: true
- name: neutron-bin
mountPath: /tmp/health-probe.py
subPath: health-probe.py
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf
readOnly: true
{{- if .Values.conf.neutron.DEFAULT.log_config_append }}
- name: neutron-etc
mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
- name: neutron-etc
mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
subPath: ml2_conf.ini
readOnly: true
{{- if ( has "openvswitch" .Values.network.backend ) }}
- name: neutron-etc
mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
subPath: openvswitch_agent.ini
readOnly: true
{{- end }}
- name: neutron-etc
mountPath: /etc/neutron/neutron_vpnaas.conf
subPath: neutron_vpnaas.conf
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/neutron_ovn_vpn_agent.ini
subPath: neutron_ovn_vpn_agent.ini
readOnly: true
- name: neutron-etc
# NOTE (Portdirect): We mount here to override Kollas
# custom sudoers file when using Kolla images, this
# location will also work fine for other images.
mountPath: /etc/sudoers.d/kolla_neutron_sudoers
subPath: neutron_sudoers
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/rootwrap.conf
subPath: rootwrap.conf
readOnly: true
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
{{- if ( has "ovn_vpn_agent" $value.pods ) }}
{{- $filePrefix := replace "_" "-" $key }}
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
- name: neutron-etc
mountPath: {{ $rootwrapFile }}
subPath: {{ base $rootwrapFile }}
readOnly: true
{{- end }}
{{- end }}
- name: socket
mountPath: /var/lib/neutron/openstack-helm
{{- if .Values.network.share_namespaces }}
- name: host-run-netns
mountPath: /run/netns
mountPropagation: Bidirectional
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_ovn_vpn_agent.volumeMounts }}{{ toYaml $mounts_ovn_vpn_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: pod-var-neutron
emptyDir: {}
- name: run
hostPath:
path: /run
- name: neutron-bin
configMap:
name: neutron-bin
defaultMode: 0555
- name: neutron-etc
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
- name: socket
hostPath:
path: /var/lib/neutron/openstack-helm
{{- if .Values.network.share_namespaces }}
- name: host-run-netns
hostPath:
path: /run/netns
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_ovn_vpn_agent.volumes }}{{ toYaml $mounts_ovn_vpn_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
{{- if .Values.manifests.daemonset_ovn_vpn_agent }}
{{- $envAll := . }}
{{- $daemonset := "ovn-vpn-agent" }}
{{- $configMapName := "neutron-etc" }}
{{- $serviceAccountName := "neutron-ovn-vpn-agent" }}
{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn_vpn_agent" -}}
{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_vpn_agent.daemonset" | toString | fromYaml }}
{{- $configmap_yaml := "neutron.configmap.etc" }}
{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
{{- end }}

68
neutron/values.yaml
View File

@ -36,6 +36,7 @@ images:
neutron_dhcp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_metadata: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_ovn_metadata: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_ovn_vpn: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_l3: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_l2gw: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_openvswitch_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
@ -304,6 +305,17 @@ dependencies:
service: compute_metadata
- endpoint: internal
service: network
ovn_vpn_agent:
pod:
- requireSameNode: true
labels:
application: ovn
component: ovn-controller
services:
- endpoint: internal
service: oslo_messaging
- endpoint: internal
service: network
ovs_agent:
jobs:
- neutron-rabbit-init
@ -423,6 +435,20 @@ pod:
initialDelaySeconds: 120
periodSeconds: 600
timeoutSeconds: 580
ovn_vpn_agent:
ovn_vpn_agent:
readiness:
enabled: true
params:
initialDelaySeconds: 30
periodSeconds: 190
timeoutSeconds: 185
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 600
timeoutSeconds: 580
ovn_metadata_agent:
ovn_metadata_agent:
readiness:
@ -583,6 +609,13 @@ pod:
neutron_ovn_metadata_agent_init:
runAsUser: 0
readOnlyRootFilesystem: true
ovn_vpn_agent:
pod:
runAsUser: 42424
container:
ovn_vpn_agent_init:
runAsUser: 0
readOnlyRootFilesystem: true
neutron_ovs_agent:
pod:
runAsUser: 42424
@ -701,6 +734,11 @@ pod:
neutron_ovn_metadata_agent:
volumeMounts:
volumes:
ovn_vpn_agent:
init_container: null
ovn_vpn_agent:
volumeMounts:
volumes:
neutron_ovs_agent:
init_container: null
neutron_ovs_agent:
@ -788,6 +826,10 @@ pod:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovn_vpn_agent:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovs_agent:
enabled: true
min_ready_seconds: 0
@ -848,6 +890,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
ovn_vpn:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovs:
requests:
memory: "128Mi"
@ -1393,6 +1442,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
content: |
@ -1421,6 +1471,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
content: |
@ -1447,6 +1498,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
content: |
@ -1469,6 +1521,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
content: |
@ -1560,6 +1613,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@ -1583,6 +1637,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@ -1633,6 +1688,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
content: |
@ -1654,6 +1710,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
content: |
@ -1691,6 +1748,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
content: |
@ -1729,6 +1787,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
content: |
@ -1767,6 +1826,7 @@ conf:
- lb_agent
- metadata_agent
- ovn_metadata_agent
- ovn_vpn_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@ -2068,6 +2128,14 @@ conf:
#dhcp-option=3,10.10.10.1
#dhcp-option-force=26,1450
neutron_vpnaas: null
ovn_vpn_agent:
DEFAULT:
interface_driver: openvswitch
vpnagent:
vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
ovs:
ovsdb_connection: unix:/run/openvswitch/db.sock
l3_agent:
DEFAULT:
# (NOTE)portdirect: if unset this is populated dyanmicly from the value in

34
neutron/values_overrides/ovn_vpn.yaml Normal file
View File

@ -0,0 +1,34 @@
---
network:
backend:
- openvswitch
- ovn
conf:
neutron:
DEFAULT:
router_distributed: true
service_plugins: ovn-router,ovn-vpnaas
l3_ha_network_type: geneve
ovn_vpn_agent:
service_providers:
service_provider: VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver:default
plugins:
ml2_conf:
ml2:
extension_drivers: port_security
type_drivers: flat,vxlan,geneve
tenant_network_types: geneve
ovn:
ovn_l3_scheduler: leastloaded
dns_servers: 8.8.8.8,1.1.1.1
neutron_sync_mode: repair
manifests:
daemonset_dhcp_agent: false
daemonset_l3_agent: false
daemonset_metadata_agent: false
daemonset_ovs_agent: false
daemonset_ovn_metadata_agent: true
daemonset_ovn_vpn_agent: true

1
releasenotes/notes/neutron.yaml
View File

@ -85,4 +85,5 @@ neutron:
- 0.3.41 Enable custom annotations for Openstack secrets
- 0.3.42 Update images used by default
- 0.3.43 Switch neutron to uWSGI
- 0.3.44 Add OVN VPNaas support
...