From 5bb772cf50ad4d851c564aeb50b10ed64ef38ee0 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 19 Apr 2018 22:34:20 -0500 Subject: [PATCH] Neutron: Enable sharing of network namespaces with host This PS enables sharing of network namespaces with the host, allowing for hitless upgrades of agents, and much simpler debugging. It does however require mount propogation to be enabled in kubernetes which is a alpha gated feature introduced in 1.8, and enabled by default as a beta feature in 1.10. Depends-On: I7a37f45ff6061b144c6f04233712cd84fccb3e83 Change-Id: I2a191a343fe637cbfd9e4af5277f9784af736dd1 --- neutron/templates/daemonset-dhcp-agent.yaml | 10 ++++++++++ neutron/templates/daemonset-l3-agent.yaml | 10 ++++++++++ neutron/templates/daemonset-metadata-agent.yaml | 10 ++++++++++ neutron/values.yaml | 4 ++++ 4 files changed, 34 insertions(+) diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index ab98e341..5cba9f0e 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -113,6 +113,11 @@ spec: {{- end }} - name: socket mountPath: /var/lib/neutron/openstack-helm + {{- if .Values.network.share_namespaces }} + - name: host-run-netns + mountPath: /run/netns + mountPropagation: Bidirectional + {{- end }} {{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }} volumes: - name: neutron-bin @@ -131,6 +136,11 @@ spec: - name: socket hostPath: path: /var/lib/neutron/openstack-helm + {{- if .Values.network.share_namespaces }} + - name: host-run-netns + hostPath: + path: /run/netns + {{- end }} {{ if $mounts_neutron_dhcp_agent.volumes }}{{ toYaml $mounts_neutron_dhcp_agent.volumes | indent 8 }}{{ end }} {{- end }} {{- end }} diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index bacbe04c..e05e0be5 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml @@ -112,6 +112,11 @@ spec: readOnly: true - name: socket mountPath: /var/lib/neutron/openstack-helm + {{- if .Values.network.share_namespaces }} + - name: host-run-netns + mountPath: /run/netns + mountPropagation: Bidirectional + {{- end }} {{ if $mounts_neutron_l3_agent.volumeMounts }}{{ toYaml $mounts_neutron_l3_agent.volumeMounts | indent 12 }}{{ end }} volumes: - name: neutron-bin @@ -133,6 +138,11 @@ spec: - name: socket hostPath: path: /var/lib/neutron/openstack-helm + {{- if .Values.network.share_namespaces }} + - name: host-run-netns + hostPath: + path: /run/netns + {{- end }} {{ if $mounts_neutron_l3_agent.volumes }}{{ toYaml $mounts_neutron_l3_agent.volumes | indent 8 }}{{ end }} {{- end }} {{- end }} diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index 32dc87ac..1dc92a2d 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -127,6 +127,11 @@ spec: {{- end }} - name: socket mountPath: /var/lib/neutron/openstack-helm + {{- if .Values.network.share_namespaces }} + - name: host-run-netns + mountPath: /run/netns + mountPropagation: Bidirectional + {{- end }} {{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }} volumes: - name: neutron-bin @@ -145,6 +150,11 @@ spec: - name: socket hostPath: path: /var/lib/neutron/openstack-helm + {{- if .Values.network.share_namespaces }} + - name: host-run-netns + hostPath: + path: /run/netns + {{- end }} {{ if $mounts_neutron_metadata_agent.volumes }}{{ toYaml $mounts_neutron_metadata_agent.volumes | indent 8 }}{{ end }} {{- end }} {{- end }} diff --git a/neutron/values.yaml b/neutron/values.yaml index a32bcda1..61d82387 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -80,6 +80,10 @@ network: # possible options: openvswitch, linuxbridge, sriov backend: - openvswitch + # NOTE(Portdirect): Share network namespaces with the host, + # allowing agents to be restarted without packet loss and simpler + # debugging. This feature requires mount propagation support. + share_namespaces: true external_bridge: br-ex ip_address: 0.0.0.0 interface: