services/neutron/neutron-l3-agent-daemonset.yml.j2

{%- set resourceName = kolla_kubernetes.cli.args.resource_name %}
{%- set loggerConfigmapName = "neutron-l3-agent" %}
{%- set netHostTrue = "yes" %}
{%- import "services/common/common-lib.yml.j2" as lib with context %}
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: neutron-l3-agent-{{ kolla_kubernetes.template.vars.type}}
  namespace: {{ kolla_kubernetes_namespace }}
  labels:
    component: neutron
    system: l3-agent-{{ kolla_kubernetes.template.vars.type}}
spec:
  template:
    metadata:
      labels:
        component: neutron
        system: l3-agent-{{ kolla_kubernetes.template.vars.type}}
      annotations:
#FIXME Its unclear if ovsdb_connection, local_ip, and/or hostPID required. Try removing them once we have a working gate to test with.
#FIXME Once out of alpha, this should be converted to yaml.
        pod.alpha.kubernetes.io/init-containers: '[
          {
              "name": "update-config",
              "image": "{{ kolla_toolbox_image_full }}",
              "command": [
                  "/bin/sh",
                  "-c",
                  "cp -a /srv/configmap/..data/* /srv/pod-main-config/;
{%- if enable_openvswitch_tcp == "yes" -%}
                  TUNNEL_INTERFACE={{ tunnel_interface }};
                  F=/var/lib/kolla-kubernetes/neutron-openvswitch-agent/tunnel_interface;
                  [ -f $F ] && TUNNEL_INTERFACE=$(<$F);
                  IP=$(ip addr list {{ tunnel_interface }} | grep ''inet '' |cut -d'' '' -f6|cut -d/ -f1);
                  crudini --set /srv/pod-main-config/ml2_conf.ini ovs ovsdb_connection tcp:$IP:6640;
{%- endif -%}
                  crudini --set /srv/pod-main-config/ml2_conf.ini ovs local_ip $IP;
{%- if kolla_kubernetes.template.vars.type == "compute" -%}
                  crudini --set /srv/pod-main-config/l3_agent.ini DEFAULT agent_mode dvr;
                  crudini --set /srv/pod-main-config/l3_agent.ini DEFAULT handle_internal_only_routers false;
{%- else -%}
                  crudini --set /srv/pod-main-config/l3_agent.ini DEFAULT handle_internal_only_routers true;
{%- if enable_neutron_dvr == "yes" -%}
                  crudini --set /srv/pod-main-config/l3_agent.ini DEFAULT agent_mode dvr_snat;
{%- else -%}
                  crudini --set /srv/pod-main-config/l3_agent.ini DEFAULT agent_mode legacy;
{%- endif -%}
{%- endif %}"
              ],
              "volumeMounts": [
                  {
                      "name": "neutron-l3-agent-configmap",
                      "mountPath": "/srv/configmap"
                  },
                  {
                      "name": "pod-main-config",
                      "mountPath": "/srv/pod-main-config"
                  }
              ]
          },
          {
              "name": "update-permissions",
              "image": "{{ neutron_l3_agent_image_full }}",
              "securityContext": {
                  "runAsUser": 0
              },
              "command": [
                  "/bin/sh",
                  "-c",
                  "chown --recursive neutron.kolla /var/log/kolla;
                  echo FIXME check for ip6tables loaded;"
              ],
              "volumeMounts": [
                  {
                      "name": "kolla-logs",
                      "mountPath": "/var/log/kolla"
                  }
              ]
          }
        ]'
    spec:
      hostNetwork: True
      hostIPC: True
      hostPID: True
      nodeSelector:
{%- if kolla_kubernetes.template.vars.type == "compute" %}
{%- set selector = kolla_kubernetes_hostlabel_neutron_l3_agent_compute |
                   default(kolla_kubernetes_hostlabel_compute) %}
{%- else %}
{%- set selector = global['kolla_kubernetes_hostlabel_neutron_l3_agent_network_' ~ kolla_kubernetes.template.vars.type] |
                   default(kolla_kubernetes_hostlabel_network |
                     default(kolla_kubernetes_hostlabel_controller)
                   )
%}
{%- endif %}
          {{ selector.key }}: {{ selector.value }}
      containers:
        - image: "{{ neutron_l3_agent_image_full }}"
          name: main
          securityContext:
            privileged: true
          volumeMounts:
{{ lib.common_volume_mounts(indent=12) }}
            - mountPath: {{ container_config_directory }}
              name: pod-main-config
            - mountPath: /var/lib/neutron/kolla/
              name: neutron-metadata-socket
            - mountPath: /var/run
              name: host-run
            - mountPath: /run/netns/
              name: host-run-netns
              # shared: true # This seems not support in K8s yet :(
          env:
            - name: KOLLA_CONFIG_STRATEGY
              value: {{ config_strategy }}
{{ lib.common_containers(indent=8) }}
      volumes:
{{ lib.common_volumes(indent=8) }}
        - name: pod-main-config
          emptyDir: {}
        - name: neutron-l3-agent-configmap
          configMap:
            name: neutron-l3-agent
            items:
            - key: neutron.conf
              path: neutron.conf
            - key: config.json
              path: config.json
            - key: ml2-conf.ini
              path: ml2_conf.ini
            - key: fwaas-driver.ini
              path: fwaas_driver.ini
            - key: l3-agent.ini
              path: l3_agent.ini
        - name: host-run-netns
          hostPath:
            path: /run/netns
        - name: host-run
          hostPath:
            path: /var/run
        - name: neutron-metadata-socket
          hostPath:
            path: /var/lib/neutron/kolla/metadata_proxy