Fix iptables locking in L3 neutron container

The L3 neutron agent uses the -W flag when adding new iptable rules.
That flag verifies if the lock is free to avoid race conditions. The
lock is normally /run/xtables.lock.

In iptables <1.6.2, if the file does not exist, iptables ignores the
lock and silently continues. Starting with 1.6.2, that behaviour changed
and if the file does not exist, iptables fails:

https://git.netfilter.org/iptables/commit/?id=80d8bfaac9e2430d710084a10ec78e68bd61e6ec

Leap 15.0 is using iptables 1.6.2 whereas Ubuntu Bionic uses 1.6.1.
That is why Ubuntu compute-kit gates where working whereas openSUSE
compute-kit gate was not

This patch fixes the gate problem by mounting /run/xtables.lock

Change-Id: Ia9c648cdf95c9824b34f40a6d9ed538a2cad5154
Signed-off-by: Manuel Buil <mbuil@suse.com>

neutron/templates/daemonset-l3-agent.yaml

@@ -160,6 +160,8 @@ spec:
             - name: libmodules
               mountPath: /lib/modules
               readOnly: true
+            - name: iptables-lockfile
+              mountPath: /run/xtables.lock
             - name: socket
               mountPath: /var/lib/neutron/openstack-helm
             {{- if .Values.network.share_namespaces }}
@@ -184,6 +186,9 @@ spec:
         - name: libmodules
           hostPath:
             path: /lib/modules
+        - name: iptables-lockfile
+          hostPath:
+            path: /run/xtables.lock
         - name: socket
           hostPath:
             path: /var/lib/neutron/openstack-helm