Change-Id: Iacf6423399d51134af5b00b472ef6b42e17dfd6a
This commit is contained in:
Sadegh Hayeri 2023-03-14 14:05:25 +03:30
parent 884a734833
commit c83582a866
20 changed files with 654 additions and 8 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Neutron description: OpenStack-Helm Neutron
name: neutron name: neutron
version: 0.3.2 version: 0.3.3
home: https://docs.openstack.org/neutron/latest/ home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources: sources:

View File

@ -0,0 +1,27 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
mkdir -p /tmp/pod-shared
tee > /tmp/pod-shared/neutron-agent.ini << EOF
[DEFAULT]
host = $(hostname --fqdn)
EOF
{{- end }}

View File

@ -0,0 +1,33 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -x
cp /etc/neutron/ovn_metadata_agent.ini /tmp/ovn_metadata_agent.ini
# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
exec neutron-ovn-metadata-agent \
--config-file /etc/neutron/neutron.conf \
{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
--config-file /tmp/pod-shared/neutron-agent.ini \
{{- end }}
--config-file /tmp/ovn_metadata_agent.ini

View File

@ -0,0 +1,26 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
mkdir -p /tmp/pod-shared
cp /etc/neutron/plugins/ml2/ml2_conf.ini /tmp/pod-shared/ml2_conf.ini
# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini

View File

@ -22,6 +22,8 @@ function start () {
--config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/neutron.conf \
{{- if ( has "tungstenfabric" .Values.network.backend ) }} {{- if ( has "tungstenfabric" .Values.network.backend ) }}
--config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
{{- else if ( has "ovn" .Values.network.backend ) }}
--config-file /tmp/pod-shared/ml2_conf.ini
{{- else }} {{- else }}
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
{{- end }} {{- end }}

View File

@ -59,10 +59,6 @@ data:
{{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-linuxbridge-agent-init-modules.sh: | neutron-linuxbridge-agent-init-modules.sh: |
{{ tuple "bin/_neutron-linuxbridge-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-linuxbridge-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-metadata-agent.sh: |
{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-metadata-agent-init.sh: |
{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent.sh: | neutron-openvswitch-agent.sh: |
{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent-init.sh: | neutron-openvswitch-agent-init.sh: |
@ -95,6 +91,21 @@ data:
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} {{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
neutron-test-force-cleanup.sh: | neutron-test-force-cleanup.sh: |
{{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- if ( has "ovn" .Values.network.backend ) }}
neutron-ovn-metadata-agent.sh: |
{{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-ovn-metadata-agent-init.sh: |
{{ tuple "bin/_neutron-ovn-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-server-ovn-init.sh: |
{{ tuple "bin/_neutron-server-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- else }}
neutron-metadata-agent.sh: |
{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-metadata-agent-init.sh: |
{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- if ( has "tungstenfabric" .Values.network.backend ) }} {{- if ( has "tungstenfabric" .Values.network.backend ) }}
tf-plugin.pth: | tf-plugin.pth: |
/opt/plugin/site-packages /opt/plugin/site-packages

View File

@ -263,7 +263,6 @@ data:
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }} api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
dhcp_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | b64enc }} dhcp_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | b64enc }}
l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }} l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }}
metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}
metering_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc) }} metering_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc) }}
taas_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.taas_plugin | b64enc) }} taas_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.taas_plugin | b64enc) }}
ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }} ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }}
@ -284,6 +283,12 @@ data:
auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }} auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }}
dpdk.conf: {{ toJson $envAll.Values.conf.ovs_dpdk | b64enc }} dpdk.conf: {{ toJson $envAll.Values.conf.ovs_dpdk | b64enc }}
update_dpdk_bond_config: {{ $envAll.Values.conf.ovs_dpdk.update_dpdk_bond_config | toString | b64enc }} update_dpdk_bond_config: {{ $envAll.Values.conf.ovs_dpdk.update_dpdk_bond_config | toString | b64enc }}
{{- if ( has "ovn" .Values.network.backend ) }}
ovn_metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.ovn_metadata_agent | b64enc }}
{{- else }}
metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}
{{- end }}
{{- if .Values.manifests.certificates }} {{- if .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }} {{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
{{- end }} {{- end }}

View File

@ -0,0 +1,243 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "ovnMetadataAgentReadinessProbeTemplate" }}
exec:
command:
- python
- /tmp/health-probe.py
- --config-file
- /etc/neutron/neutron.conf
- --config-file
- /etc/neutron/ovn_metadata_agent.ini
{{- if .Values.pod.use_fqdn.neutron_agent }}
- --use-fqdn
{{- end }}
{{- end }}
{{- define "ovnMetadataAgentLivenessProbeTemplate" }}
exec:
command:
- python
- /tmp/health-probe.py
- --config-file
- /etc/neutron/neutron.conf
- --config-file
- /etc/neutron/ovn_metadata_agent.ini
- --liveness-probe
{{- if .Values.pod.use_fqdn.neutron_agent }}
- --use-fqdn
{{- end }}
{{- end }}
{{- define "neutron.ovn_metadata_agent.daemonset" }}
{{- $daemonset := index . 0 }}
{{- $configMapName := index . 1 }}
{{- $serviceAccountName := index . 2 }}
{{- $envAll := index . 3 }}
{{- with $envAll }}
{{- $mounts_neutron_ovn_metadata_agent := .Values.pod.mounts.neutron_ovn_metadata_agent.neutron_ovn_metadata_agent }}
{{- $mounts_neutron_ovn_metadata_agent_init := .Values.pod.mounts.neutron_ovn_metadata_agent.init_container }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: neutron-ovn-metadata-agent
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
selector:
matchLabels:
{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll "ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "neutron-ovn-metadata-agent-default" "containerNames" (list "neutron-ovn-metadata-agent" "neutron-ovn-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
nodeSelector:
{{ .Values.labels.agent.ovn_metadata.node_selector_key }}: {{ .Values.labels.agent.ovn_metadata.node_selector_value }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
shareProcessNamespace: true
{{- else }}
hostPID: true
{{- end }}
initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_ovn_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: neutron-ovn-metadata-agent-init
{{ tuple $envAll "neutron_ovn_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" "container" "neutron_ovn_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
- name: NEUTRON_USER_UID
value: "{{ .Values.pod.security_context.neutron_ovn_metadata_agent.pod.runAsUser }}"
command:
- /tmp/neutron-ovn-metadata-agent-init.sh
volumeMounts:
- name: run
mountPath: /run
- name: pod-tmp
mountPath: /tmp
- name: neutron-bin
mountPath: /tmp/neutron-ovn-metadata-agent-init.sh
subPath: neutron-ovn-metadata-agent-init.sh
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf
readOnly: true
- name: socket
mountPath: /var/lib/neutron/openstack-helm
containers:
- name: neutron-ovn-metadata-agent
{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: RPC_PROBE_TIMEOUT
value: "{{ .Values.pod.probes.rpc_timeout }}"
- name: RPC_PROBE_RETRIES
value: "{{ .Values.pod.probes.rpc_retries }}"
{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "readiness" "probeTemplate" (include "ovnMetadataAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "liveness" "probeTemplate" (include "ovnMetadataAgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
securityContext:
privileged: true
command:
- /tmp/neutron-ovn-metadata-agent.sh
volumeMounts:
- name: run
mountPath: /run
- name: pod-tmp
mountPath: /tmp
- name: pod-var-neutron
mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
- name: neutron-bin
mountPath: /tmp/neutron-ovn-metadata-agent.sh
subPath: neutron-ovn-metadata-agent.sh
readOnly: true
- name: neutron-bin
mountPath: /tmp/health-probe.py
subPath: health-probe.py
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf
readOnly: true
{{- if .Values.conf.neutron.DEFAULT.log_config_append }}
- name: neutron-etc
mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
- name: neutron-etc
mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
subPath: ml2_conf.ini
readOnly: true
{{- if ( has "openvswitch" .Values.network.backend ) }}
- name: neutron-etc
mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
subPath: openvswitch_agent.ini
readOnly: true
{{- end }}
- name: neutron-etc
mountPath: /etc/neutron/ovn_metadata_agent.ini
subPath: ovn_metadata_agent.ini
readOnly: true
- name: neutron-etc
# NOTE (Portdirect): We mount here to override Kollas
# custom sudoers file when using Kolla images, this
# location will also work fine for other images.
mountPath: /etc/sudoers.d/kolla_neutron_sudoers
subPath: neutron_sudoers
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/rootwrap.conf
subPath: rootwrap.conf
readOnly: true
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
{{- if ( has "ovn_metadata_agent" $value.pods ) }}
{{- $filePrefix := replace "_" "-" $key }}
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
- name: neutron-etc
mountPath: {{ $rootwrapFile }}
subPath: {{ base $rootwrapFile }}
readOnly: true
{{- end }}
{{- end }}
- name: socket
mountPath: /var/lib/neutron/openstack-helm
{{- if .Values.network.share_namespaces }}
- name: host-run-netns
mountPath: /run/netns
mountPropagation: Bidirectional
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_ovn_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: pod-var-neutron
emptyDir: {}
- name: run
hostPath:
path: /run
- name: neutron-bin
configMap:
name: neutron-bin
defaultMode: 0555
- name: neutron-etc
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
- name: socket
hostPath:
path: /var/lib/neutron/openstack-helm
{{- if .Values.network.share_namespaces }}
- name: host-run-netns
hostPath:
path: /run/netns
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_ovn_metadata_agent.volumes }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
{{- if .Values.manifests.daemonset_ovn_metadata_agent }}
{{- $envAll := . }}
{{- $daemonset := "ovn-metadata-agent" }}
{{- $configMapName := "neutron-etc" }}
{{- $serviceAccountName := "neutron-ovn-metadata-agent" }}
{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn-metadata" -}}
{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_metadata_agent.daemonset" | toString | fromYaml }}
{{- $configmap_yaml := "neutron.configmap.etc" }}
{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
{{- end }}

View File

@ -91,6 +91,29 @@ spec:
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }}
initContainers: initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll "pod_dependency" $mounts_neutron_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if ( has "ovn" .Values.network.backend ) }}
- name: ovn-neutron-init
{{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- /tmp/neutron-server-ovn-init.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: pod-shared
mountPath: /tmp/pod-shared
- name: neutron-bin
mountPath: /tmp/neutron-server-ovn-init.sh
subPath: neutron-server-ovn-init.sh
readOnly: true
- name: neutron-etc
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
subPath: ml2_conf.ini
readOnly: true
{{- end }}
{{- if ( has "tungstenfabric" .Values.network.backend ) }} {{- if ( has "tungstenfabric" .Values.network.backend ) }}
- name: tungstenfabric-neutron-init - name: tungstenfabric-neutron-init
image: {{ .Values.images.tags.tf_neutron_init }} image: {{ .Values.images.tags.tf_neutron_init }}
@ -176,6 +199,8 @@ spec:
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
- name: pod-shared
mountPath: /tmp/pod-shared
- name: pod-var-neutron - name: pod-var-neutron
mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }} mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
- name: neutron-bin - name: neutron-bin
@ -258,6 +283,8 @@ spec:
volumes: volumes:
- name: pod-tmp - name: pod-tmp
emptyDir: {} emptyDir: {}
- name: pod-shared
emptyDir: {}
{{- if .Values.manifests.certificates }} {{- if .Values.manifests.certificates }}
- name: wsgi-neutron - name: wsgi-neutron
emptyDir: {} emptyDir: {}

View File

@ -33,6 +33,7 @@ images:
neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_ovn_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
@ -62,6 +63,9 @@ labels:
metadata: metadata:
node_selector_key: openstack-control-plane node_selector_key: openstack-control-plane
node_selector_value: enabled node_selector_value: enabled
ovn_metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
l2gw: l2gw:
node_selector_key: openstack-control-plane node_selector_key: openstack-control-plane
node_selector_value: enabled node_selector_value: enabled
@ -156,6 +160,7 @@ dependencies:
sriov: {} sriov: {}
l2gateway: {} l2gateway: {}
bagpipe_bgp: {} bagpipe_bgp: {}
ovn: {}
openvswitch: openvswitch:
dhcp: dhcp:
pod: pod:
@ -279,6 +284,19 @@ dependencies:
service: compute service: compute
- endpoint: public - endpoint: public
service: compute_metadata service: compute_metadata
ovn_metadata:
pod: null
jobs:
- neutron-rabbit-init
services:
- endpoint: internal
service: oslo_messaging
- endpoint: internal
service: network
- endpoint: internal
service: compute
- endpoint: public
service: compute_metadata
ovs_agent: ovs_agent:
jobs: jobs:
- neutron-rabbit-init - neutron-rabbit-init
@ -385,6 +403,20 @@ pod:
initialDelaySeconds: 120 initialDelaySeconds: 120
periodSeconds: 600 periodSeconds: 600
timeoutSeconds: 580 timeoutSeconds: 580
ovn_metadata_agent:
ovn_metadata_agent:
readiness:
enabled: true
params:
initialDelaySeconds: 30
periodSeconds: 190
timeoutSeconds: 185
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 600
timeoutSeconds: 580
ovs_agent: ovs_agent:
ovs_agent: ovs_agent:
readiness: readiness:
@ -490,6 +522,13 @@ pod:
neutron_metadata_agent_init: neutron_metadata_agent_init:
runAsUser: 0 runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
neutron_ovn_metadata_agent:
pod:
runAsUser: 42424
container:
neutron_ovn_metadata_agent_init:
runAsUser: 0
readOnlyRootFilesystem: true
neutron_ovs_agent: neutron_ovs_agent:
pod: pod:
runAsUser: 42424 runAsUser: 42424
@ -584,6 +623,11 @@ pod:
neutron_metadata_agent: neutron_metadata_agent:
volumeMounts: volumeMounts:
volumes: volumes:
neutron_ovn_metadata_agent:
init_container: null
neutron_ovn_metadata_agent:
volumeMounts:
volumes:
neutron_ovs_agent: neutron_ovs_agent:
init_container: null init_container: null
neutron_ovs_agent: neutron_ovs_agent:
@ -661,6 +705,10 @@ pod:
enabled: true enabled: true
min_ready_seconds: 0 min_ready_seconds: 0
max_unavailable: 1 max_unavailable: 1
ovn_metadata_agent:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovs_agent: ovs_agent:
enabled: true enabled: true
min_ready_seconds: 0 min_ready_seconds: 0
@ -712,6 +760,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
ovn_metadata:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovs: ovs:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -1233,6 +1288,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
content: | content: |
@ -1260,6 +1316,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
content: | content: |
@ -1285,6 +1342,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
content: | content: |
@ -1306,6 +1364,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
content: | content: |
@ -1396,6 +1455,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
- netns_cleanup_cron - netns_cleanup_cron
@ -1418,6 +1478,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
- netns_cleanup_cron - netns_cleanup_cron
@ -1467,6 +1528,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
content: | content: |
@ -1487,6 +1549,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
content: | content: |
@ -1523,6 +1586,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
content: | content: |
@ -1560,6 +1624,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
content: | content: |
@ -1597,6 +1662,7 @@ conf:
- l3_agent - l3_agent
- lb_agent - lb_agent
- metadata_agent - metadata_agent
- ovn_metadata_agent
- ovs_agent - ovs_agent
- sriov_agent - sriov_agent
- netns_cleanup_cron - netns_cleanup_cron
@ -1814,7 +1880,7 @@ conf:
# (NOTE)portdirect: if unset this is populated dyanmicly from the value # (NOTE)portdirect: if unset this is populated dyanmicly from the value
# in 'network.backend' to sane defaults. # in 'network.backend' to sane defaults.
mechanism_drivers: null mechanism_drivers: null
type_drivers: flat,vlan,vxlan type_drivers: flat,vlan,vxlan,local
tenant_network_types: vxlan tenant_network_types: vxlan
ml2_type_vxlan: ml2_type_vxlan:
vni_ranges: 1:1000 vni_ranges: 1:1000
@ -1903,6 +1969,7 @@ conf:
enabled: true enabled: true
backend: dogpile.cache.memcached backend: dogpile.cache.memcached
bagpipe_bgp: {} bagpipe_bgp: {}
ovn_metadata_agent: {}
rabbitmq: rabbitmq:
# NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones

View File

@ -0,0 +1,57 @@
---
network:
backend:
- openvswitch
- ovn
conf:
neutron:
DEFAULT:
router_distributed: True
service_plugins: ovn-router
l3_ha_network_type: geneve
plugins:
ml2_conf:
ml2:
extension_drivers: port_security
mechanism_drivers: ovn
type_drivers: flat,vxlan,geneve
tenant_network_types: geneve
overlay_ip_version: 4
ml2_type_geneve:
vni_ranges: 1:65536
max_header_size: 38
securitygroup:
enable_security_group: True
firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
ovn:
ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__
ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__
enable_distributed_floating_ip: True
ovn_l3_scheduler: leastloaded
dns_servers: 8.8.8.8,1.1.1.1
ovn_metadata_agent:
DEFAULT:
# we cannot change the proxy socket path as it is declared
# as a hostPath volume from agent daemonsets
metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
metadata_proxy_shared_secret: "password"
metadata_workers: 2
cache:
enabled: true
backend: dogpile.cache.memcached
ovs:
ovsdb_connection: tcp:127.0.0.1:6640
ovsdb_timeout: 180
ovn:
ovn_metadata_enabled: True
ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__
ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__
manifests:
daemonset_dhcp_agent: false
daemonset_l3_agent: false
daemonset_metadata_agent: false
daemonset_ovs_agent: false
daemonset_ovn_metadata_agent: true

View File

@ -13,6 +13,7 @@ images:
neutron_l2gw: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_l2gw: "docker.io/openstackhelm/neutron:xena-ubuntu_focal"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:xena-ubuntu_focal"
neutron_metadata: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_metadata: "docker.io/openstackhelm/neutron:xena-ubuntu_focal"
neutron_ovn_metadata: "docker.io/openstackhelm/neutron:xena-ubuntu_focal"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:xena-ubuntu_focal"
neutron_server: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_server: "docker.io/openstackhelm/neutron:xena-ubuntu_focal"
neutron_rpc_server: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_rpc_server: "docker.io/openstackhelm/neutron:xena-ubuntu_focal"

View File

@ -13,6 +13,7 @@ images:
neutron_l2gw: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_l2gw: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal"
neutron_metadata: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_metadata: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal"
neutron_ovn_metadata: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal"
neutron_server: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_server: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal"
neutron_rpc_server: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_rpc_server: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal"

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Nova description: OpenStack-Helm Nova
name: nova name: nova
version: 0.3.3 version: 0.3.4
home: https://docs.openstack.org/nova/latest/ home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources: sources:

View File

@ -0,0 +1,12 @@
dependencies:
dynamic:
targeted:
openvswitch:
compute:
pod: []
conf:
nova:
DEFAULT:
vif_plugging_is_fatal: true
vif_plugging_timeout: 300

View File

@ -44,4 +44,5 @@ neutron:
- 0.3.0 Remove support for Train and Ussuri - 0.3.0 Remove support for Train and Ussuri
- 0.3.1 Remove default policy rules - 0.3.1 Remove default policy rules
- 0.3.2 Use correct labels for ovs which uses one daemonset for ovs-db and ovs-vswitchd - 0.3.2 Use correct labels for ovs which uses one daemonset for ovs-db and ovs-vswitchd
- 0.3.3 Add OVN Support
... ...

View File

@ -72,4 +72,5 @@ nova:
- 0.3.1 Added backoffLimit for bootstrap job - 0.3.1 Added backoffLimit for bootstrap job
- 0.3.2 Remove un-used configs for Nova - 0.3.2 Remove un-used configs for Nova
- 0.3.3 Update all Ceph images to Focal - 0.3.3 Update all Ceph images to Focal
- 0.3.4 Add OVN values_override, disable dependency to ovn-agent and vif configs for ovn
... ...

View File

@ -0,0 +1,33 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
export FEATURE_GATES="ovn"
#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH:="$(./tools/deployment/common/get-values-overrides.sh openvswitch)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} openvswitch
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
helm upgrade --install openvswitch ${HELM_CHART_ROOT_PATH}/openvswitch \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_OPENVSWITCH}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

View File

@ -0,0 +1,33 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
export FEATURE_GATES="ovn"
#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_OVN:="$(./tools/deployment/common/get-values-overrides.sh ovn)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} ovn
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
helm upgrade --install ovn ${HELM_CHART_ROOT_PATH}/ovn \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_OVN}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

View File

@ -0,0 +1,66 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
export FEATURE_GATES="ovn"
: ${RUN_HELM_TESTS:="yes"}
#NOTE: Get the over-rides to use
: ${OSH_EXTRA_HELM_ARGS_NOVA:="$(./tools/deployment/common/get-values-overrides.sh nova)"}
tee /tmp/pvc-ceph-client-key.yaml << EOF
AQAk//BhgQMXDxAAPwH86gbDjEEpmXC4s2ontw==
EOF
kubectl -n openstack create secret generic pvc-ceph-client-key --from-file=key=/tmp/pvc-ceph-client-key.yaml || true
rm -f /tmp/pvc-ceph-client-key.yaml
#NOTE: Lint and package chart
make nova
helm upgrade --install nova ./nova \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS:=} \
${OSH_EXTRA_HELM_ARGS_NOVA}
# Get overrides
: ${OSH_EXTRA_HELM_ARGS_PLACEMENT:="$(./tools/deployment/common/get-values-overrides.sh placement)"}
# Lint and package
make placement
# Deploy
helm upgrade --install placement ./placement \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS:=} \
${OSH_EXTRA_HELM_ARGS_PLACEMENT}
#NOTE: Get the over-rides to use
: ${OSH_EXTRA_HELM_ARGS_NEUTRON:="$(./tools/deployment/common/get-values-overrides.sh neutron)"}
#NOTE: Lint and package chart
make neutron
helm upgrade --install neutron ./neutron \
--namespace=openstack \
${OSH_RELEASE_OVERRIDES_NEUTRON} \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_NEUTRON}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
./tools/deployment/common/run-helm-tests.sh nova
./tools/deployment/common/run-helm-tests.sh neutron