Commit neutron chart

This is a functioning neutron chart that leverages a flat network but supports vxlan and gre networks in values.yaml. We were unable to test the vxlan functionality as it tickles the bnx2x cards in our HP blade lab. For now, this leverages daemonsets which make sense. It does require a new label, namely openvswitch=enabled as we need a label that can be applied both to the control plane and tenant compute hosts as both require neutron agents and openvswitch. The interfaces today match our labs, namely enp11s0f0 for the flat network on physnet1 and enp12s0f0 for the external network. These can be overriden in values.yaml via set or a global environmental file. It depends on the keystone endpoint work. This chart was tested against a working nova chart not commited as DTadrzak has one open in PR#45
2017-01-03 12:28:44 -08:00 · 2017-01-03 12:28:44 -08:00 · b9a4a0b31d
parent b366dc252a
commit b9a4a0b31d
27 changed files with 1153 additions and 9 deletions
--- a/14
+++ b/14
@ -1,12 +1,12 @@
-.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack all clean
+.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron all clean

 B64_DIRS := common/secrets
 B64_EXCLUDE := $(wildcard common/secrets/*.b64)

-CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon openstack
+CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron openstack
 COMMON_TPL := common/templates/_globals.tpl

-all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon openstack
+all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron openstack

 common: build-common

@ -25,6 +25,8 @@ rabbitmq: build-rabbitmq

 glance: build-glance

+glance: build-neutron
+
 memcached: build-memcached

 openstack: build-openstack
@ -41,9 +43,3 @@ build-%:
 	helm lint $*
 	helm package $*

-## this is required for some charts which cannot pass a lint, namely
-## those which use .Release.Namespace in a default pipe capacity
-#nolint-build-%:
-#       if [ -f $*/Makefile ]; then make -C $*; fi
-#       if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
-#       helm package $*
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@ -0,0 +1,3 @@
+description: A Helm chart for neutron
+name: neutron
+version: 0.1.0
--- a/neutron/requirements.yaml
+++ b/neutron/requirements.yaml
@ -0,0 +1,4 @@
+dependencies:
+  - name: common
+    repository: http://localhost:8879/charts
+    version: 0.1.0
--- a/neutron/templates/bin/_init.sh.tpl
+++ b/neutron/templates/bin/_init.sh.tpl
@ -0,0 +1,18 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "neutron_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.neutron_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "neutron_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.neutron_user }}' \
+password='{{ .Values.database.neutron_password }}' \
+host='%' \
+priv='{{ .Values.database.neutron_database_name }}.*:ALL' append_privs='yes'"
--- a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
@ -0,0 +1,16 @@
+#!/bin/bash
+set -x
+chown neutron: /run/openvswitch/db.sock
+
+# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
+{{- if .Values.ml2.agent.tunnel_types }}
+IP=$(ip a s {{ .Values.network.interface.tunnel | default .Values.network.interface.default}} | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+cat <<EOF>/tmp/ml2-local-ip.ini
+[ovs]
+local_ip = $IP
+EOF
+{{- else }}
+touch /tmp/ml2-local-ip.ini
+{{- end }}
+
+exec sudo -E -u neutron neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini --config-file /tmp/ml2-local-ip.ini
--- a/neutron/templates/bin/_openvswitch-db-server.sh.tpl
+++ b/neutron/templates/bin/_openvswitch-db-server.sh.tpl
@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+mkdir -p "/run/openvswitch"
+if [[ ! -e "/run/openvswitch/conf.db" ]]; then
+  ovsdb-tool create "/run/openvswitch/conf.db"
+fi
+
+umask 000    
+exec /usr/sbin/ovsdb-server /run/openvswitch/conf.db -vconsole:emer -vconsole:err -vconsole:info --remote=punix:/run/openvswitch/db.sock
--- a/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl
+++ b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl
@ -0,0 +1,20 @@
+#!/bin/bash
+set -x
+
+bridge=$1
+port=$2
+
+# one time deal
+ovs-vsctl --no-wait --if-exists del-port physnet1 enp11s0f0
+ovs-vsctl --no-wait --if-exists del-br physnet1
+
+# note that only "br-ex" is definable right now
+
+ovs-vsctl --no-wait --may-exist add-br $bridge
+ovs-vsctl --no-wait --may-exist add-port $bridge $port
+
+# handle any bridge mappings
+{{- range $bridge, $port := .Values.ml2.ovs.auto_bridge_add }}
+ovs-vsctl --no-wait --may-exist add-br {{ $bridge }}
+ovs-vsctl --no-wait --may-exist add-port {{ $bridge }} {{ $port }}
+{{- end}}
--- a/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl
+++ b/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl
@ -0,0 +1,14 @@
+#!/bin/bash
+set -ex
+
+# load tunnel kernel modules we may use and gre/vxlan
+modprobe openvswitch
+
+{{- if .Values.ml2.agent.tunnel_types }}
+modprobe gre
+modprobe vxlan
+{{- end }}
+
+ovs-vsctl --no-wait show
+bash /tmp/openvswitch-ensure-configured.sh {{ .Values.network.external_bridge }} {{ .Values.network.interface.external | default .Values.network.interface.default }}
+exec /usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock --mlockall -vconsole:emer -vconsole:err -vconsole:info
--- a/neutron/templates/bin/_post.sh.tpl
+++ b/neutron/templates/bin/_post.sh.tpl
@ -0,0 +1,41 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=admin \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=internal \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=public \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_user -a "project=service \
+user={{ .Values.keystone.neutron_user }} \
+password={{ .Values.keystone.neutron_password }} \
+role=admin \
+region_name={{ .Values.keystone.neutron_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: neutron-bin
+data:
+  init.sh: |
+{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
+  neutron-openvswitch-agent.sh: |
+{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "template" | indent 4 }}
+  openvswitch-db-server.sh: |
+{{ tuple "bin/_openvswitch-db-server.sh.tpl" . | include "template" | indent 4 }}
+  openvswitch-ensure-configured.sh: |
+{{ tuple "bin/_openvswitch-ensure-configured.sh.tpl" . | include "template" | indent 4 }}
+  openvswitch-vswitchd.sh: |
+{{ tuple "bin/_openvswitch-vswitchd.sh.tpl" . | include "template" | indent 4 }}
+  post.sh: |
+{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: neutron-etc
+data:
+  dhcp-agent.ini: |
+{{ tuple "etc/_dhcp-agent.ini.tpl" . | include "template" | indent 4 }}
+  l3-agent.ini: |
+{{ tuple "etc/_l3-agent.ini.tpl" . | include "template" | indent 4 }}
+  metadata-agent.ini: |
+{{ tuple "etc/_metadata-agent.ini.tpl" . | include "template" | indent 4 }}
+  ml2-conf.ini: |
+{{ tuple "etc/_ml2-conf.ini.tpl" . | include "template" | indent 4 }}
+  neutron.conf: |
+{{ tuple "etc/_neutron.conf.tpl" . | include "template" | indent 4 }}
+  resolv.conf: |
+{{ tuple "etc/_resolv.conf.tpl" . | include "template" | indent 4 }}
+  dnsmasq.conf: ""
+  
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@ -0,0 +1,83 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: neutron-dhcp-agent
+spec:
+  template:
+    metadata:
+      labels:
+        app: neutron-dhcp-agent
+    spec:
+      nodeSelector:
+        {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }}
+      securityContext:
+        runAsUser: 0
+      dnsPolicy: ClusterFirst
+      hostNetwork: true
+      containers:
+        - name: neutron-dhcp-agent
+          image: {{ .Values.images.dhcp }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          securityContext:
+            privileged: true
+          env:
+            - name: INTERFACE_NAME
+              value: {{ .Values.network.interface.dhcp | default .Values.network.interface.default }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp-agent.ini"
+            - name: DEPENDENCY_JOBS
+              value: "{{  include "joinListWithColon" .Values.dependencies.dhcp.jobs }}"
+            - name: DEPENDENCY_SERVICE
+              value: "{{  include "joinListWithColon" .Values.dependencies.dhcp.service }}"
+            - name: DEPENDENCY_DAEMONSET
+              value: "{{  include "joinListWithColon" .Values.dependencies.dhcp.daemonset }}"
+          volumeMounts:
+            - name: neutronconf
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+            - name: ml2confini
+              mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+              subPath: ml2-conf.ini
+            - name: dhcpagentini
+              mountPath: /etc/neutron/dhcp-agent.ini
+              subPath: dhcp-agent.ini
+            - name: dnsmasqconf
+              mountPath: /etc/neutron/dnsmasq.conf
+              subPath: dnsmasq.conf
+            - name: runopenvswitch
+              mountPath: /run/openvswitch
+            - name: socket
+              mountPath: /var/lib/neutron/openstack-helm
+            - name: resolvconf
+              mountPath: /etc/resolv.conf
+              subPath: resolv.conf              
+      volumes:
+        - name: neutronconf
+          configMap:
+            name: neutron-etc
+        - name: ml2confini
+          configMap:
+            name: neutron-etc
+        - name: dhcpagentini
+          configMap:
+            name: neutron-etc
+        - name: dnsmasqconf
+          configMap:
+            name: neutron-etc
+        - name: runopenvswitch
+          hostPath:
+            path: /run/openvswitch
+        - name: resolvconf
+          configMap:
+            name: neutron-etc
+        - name: socket
+          hostPath:
+            path: /var/lib/neutron/openstack-helm
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@ -0,0 +1,77 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: neutron-l3-agent
+spec:
+  template:
+    metadata:
+      labels:
+        app: neutron-l3-agent
+    spec:
+      nodeSelector:
+        {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }}
+      securityContext:
+        runAsUser: 0
+      dnsPolicy: ClusterFirst
+      hostNetwork: true
+      containers:
+        - name: neutron-l3-agent
+          image: {{ .Values.images.l3 }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          securityContext:
+            privileged: true
+          env:
+            - name: INTERFACE_NAME
+              value: {{ .Values.network.interface.l3 | default .Values.network.interface.default }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3-agent.ini --config-file /etc/neutron/plugins/ml2/ml2-conf.ini"
+            - name: DEPENDENCY_JOBS
+              value: "{{  include "joinListWithColon" .Values.dependencies.l3.jobs }}"
+            - name: DEPENDENCY_SERVICE
+              value: "{{  include "joinListWithColon" .Values.dependencies.l3.service }}"
+            - name: DEPENDENCY_DAEMONSET
+              value: "{{  include "joinListWithColon" .Values.dependencies.l3.daemonset }}"              
+          volumeMounts:
+            - name: neutronconf
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+            - name: ml2confini
+              mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+              subPath: ml2-conf.ini
+            - name: l3agentini
+              mountPath: /etc/neutron/l3-agent.ini
+              subPath: l3-agent.ini
+            - name: resolvconf
+              mountPath: /etc/resolv.conf
+              subPath: resolv.conf                 
+            - name: runopenvswitch
+              mountPath: /run/openvswitch
+            - name: socket
+              mountPath: /var/lib/neutron/stackanetes
+      volumes:
+        - name: neutronconf
+          configMap:
+            name: neutron-etc
+        - name: ml2confini
+          configMap:
+            name: neutron-etc
+        - name: resolvconf
+          configMap:
+            name: neutron-etc
+        - name: l3agentini
+          configMap:
+            name: neutron-etc
+        - name: runopenvswitch
+          hostPath:
+            path: /run/openvswitch
+        - name: socket
+          hostPath:
+            path: /var/lib/neutron/stackanetes
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@ -0,0 +1,79 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: neutron-metadata-agent
+spec:
+  template:
+    metadata:
+      labels:
+        app: neutron-metadata-agent
+    spec:
+      nodeSelector:
+        {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }}
+      securityContext:
+        runAsUser: 0
+      dnsPolicy: ClusterFirst
+      hostNetwork: true
+      containers:
+        - name: neutron-metadata-agent
+          image: {{ .Values.images.metadata }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          securityContext:
+            privileged: true
+          env:
+            - name: INTERFACE_NAME
+              value: {{ .Values.network.interface.metadata | default .Values.network.interface.default }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata-agent.ini"
+            - name: DEPENDENCY_JOBS
+              value: "{{  include "joinListWithColon" .Values.dependencies.metadata.jobs }}"
+            - name: DEPENDENCY_SERVICE
+              value: "{{  include "joinListWithColon" .Values.dependencies.metadata.service }}"
+            - name: DEPENDENCY_DAEMONSET
+              value: "{{  include "joinListWithColon" .Values.dependencies.metadata.daemonset }}"              
+          ports:
+          - containerPort: {{ .Values.network.port.metadata }}              
+          volumeMounts:
+            - name: neutronconf
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+            - name: ml2confini
+              mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+              subPath: ml2-conf.ini
+            - name: metadataagentini
+              mountPath: /etc/neutron/metadata-agent.ini
+              subPath: metadata-agent.ini
+            - name: resolvconf
+              mountPath: /etc/resolv.conf
+              subPath: resolv.conf              
+            - name: runopenvswitch
+              mountPath: /run/openvswitch
+            - name: socket
+              mountPath: /var/lib/neutron/stackanetes
+      volumes:
+        - name: neutronconf
+          configMap:
+            name: neutron-etc
+        - name: ml2confini
+          configMap:
+            name: neutron-etc
+        - name: metadataagentini
+          configMap:
+            name: neutron-etc
+        - name: resolvconf
+          configMap:
+            name: neutron-etc            
+        - name: runopenvswitch
+          hostPath:
+            path: /run/openvswitch
+        - name: socket
+          hostPath:
+            path: /var/lib/neutron/openstack-helm
--- a/neutron/templates/daemonset-openvswitch.yaml
+++ b/neutron/templates/daemonset-openvswitch.yaml
@ -0,0 +1,166 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: neutron-openvswitch
+spec:
+  template:
+    metadata:
+      labels:
+        app: neutron-openvswitch
+    spec:
+      nodeSelector:
+        {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}    
+      securityContext:
+        runAsUser: 0
+      dnsPolicy: ClusterFirst
+      hostNetwork: true
+      containers:
+        - name: neutron-openvswitch-agent
+          image: {{ .Values.images.neutron_openvswitch_agent }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          securityContext:
+            privileged: true
+          # ensures this container can can see a br-int
+          # bridge before its marked as ready
+          readinessProbe:
+            exec:
+              command:
+                - bash
+                - -c
+                - 'ovs-vsctl list-br | grep -q br-int'
+          env:
+            - name: INTERFACE_NAME
+              value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "bash /tmp/neutron-openvswitch-agent.sh"
+            - name: DEPENDENCY_JOBS
+              value: "{{  include "joinListWithColon" .Values.dependencies.openvswitchagent.jobs }}"
+            - name: DEPENDENCY_SERVICE
+              value: "{{  include "joinListWithColon" .Values.dependencies.openvswitchagent.service }}"
+            - name: DEPENDENCY_CONTAINER
+              value: "{{  include "joinListWithColon" .Values.dependencies.openvswitchagent.container }}"
+          volumeMounts:
+            - name: neutronopenvswitchagentsh
+              mountPath: /tmp/neutron-openvswitch-agent.sh
+              subPath: neutron-openvswitch-agent.sh
+            - name: neutronconf
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+            - name: ml2confini
+              mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+              subPath: ml2-conf.ini
+            - name: libmodules
+              mountPath: /lib/modules
+              readOnly: true
+            - name: run
+              mountPath: /run
+            - mountPath: /etc/resolv.conf
+              name: resolvconf
+              subPath: resolv.conf
+        - name: openvswitch-db-server
+          image: {{ .Values.images.openvswitch_db_server }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          securityContext:
+            privileged: true
+          env:
+            - name: INTERFACE_NAME
+              value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "bash /tmp/openvswitch-db-server.sh"
+          volumeMounts:
+            - name: openvswitchdbserversh
+              mountPath: /tmp/openvswitch-db-server.sh
+              subPath: openvswitch-db-server.sh
+            - mountPath: /etc/resolv.conf
+              name: resolvconf
+              subPath: resolv.conf
+            - name: varlibopenvswitch
+              mountPath: /var/lib/openvswitch/
+            - name: run
+              mountPath: /run
+
+        - name: openvswitch-vswitchd
+          image: {{ .Values.images.openvswitch_vswitchd }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          securityContext:
+            privileged: true
+          # ensures this container can speak to the ovs database
+          # successfully before its marked as ready
+          readinessProbe:
+            exec:
+              command:
+                - /usr/bin/ovs-vsctl
+                - show
+          env:
+            - name: INTERFACE_NAME
+              value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "bash /tmp/openvswitch-vswitchd.sh"
+            - name: DEPENDENCY_CONTAINER
+              value: "openvswitch-db-server"
+          volumeMounts:
+            - name: openvswitchvswitchdsh
+              mountPath: /tmp/openvswitch-vswitchd.sh
+              subPath: openvswitch-vswitchd.sh
+            - name: openvswitchensureconfiguredsh
+              mountPath: /tmp/openvswitch-ensure-configured.sh
+              subPath: openvswitch-ensure-configured.sh
+            - name: libmodules
+              mountPath: /lib/modules
+              readOnly: true
+            - name: run
+              mountPath: /run
+      volumes:
+        - name: openvswitchdbserversh
+          configMap:
+            name: neutron-bin
+        - name: openvswitchvswitchdsh
+          configMap:
+            name: neutron-bin
+        - name: openvswitchensureconfiguredsh
+          configMap:
+            name: neutron-bin
+        - name: varlibopenvswitch
+          emptyDir: {}
+        - name: neutronopenvswitchagentsh
+          configMap:
+            name: neutron-bin
+        - name: neutronconf
+          configMap:
+            name: neutron-etc
+        - name: ml2confini
+          configMap:
+            name: neutron-etc
+        - name: resolvconf
+          configMap:
+            name: neutron-etc
+        - name: libmodules
+          hostPath:
+            path: /lib/modules
+        - name: run
+          hostPath:
+            path: /run
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@ -0,0 +1,53 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: neutron-server
+spec:
+  replicas: {{ .Values.replicas.server }}
+  template:
+    metadata:
+      labels:
+        app: neutron-server
+    spec:
+      nodeSelector:
+        {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
+      containers:
+        - name: neutron-server
+          image: {{ .Values.images.server }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          env:
+            - name: INTERFACE_NAME
+              value: "eth0"
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini"
+            - name: DEPENDENCY_JOBS
+              value: "{{  include "joinListWithColon" .Values.dependencies.server.jobs }}"
+            - name: DEPENDENCY_SERVICE
+              value: "{{  include "joinListWithColon" .Values.dependencies.server.service }}"
+          ports:
+          - containerPort: {{ .Values.network.port.server }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.network.port.server }}
+          volumeMounts:
+            - name: neutronconf
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+            - name: ml2confini
+              mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+              subPath: ml2-conf.ini
+      volumes:
+        - name: neutronconf
+          configMap:
+            name: neutron-etc
+        - name: ml2confini
+          configMap:
+            name: neutron-etc
--- a/neutron/templates/etc/_dhcp-agent.ini.tpl
+++ b/neutron/templates/etc/_dhcp-agent.ini.tpl
@ -0,0 +1,5 @@
+[DEFAULT]
+dnsmasq_config_file = /etc/neutron/dnsmasq.conf
+enable_isolated_metadata = true
+force_metadata = true
+interface_driver = openvswitch
--- a/neutron/templates/etc/_l3-agent.ini.tpl
+++ b/neutron/templates/etc/_l3-agent.ini.tpl
@ -0,0 +1,4 @@
+[DEFAULT]
+agent_mode = legacy
+enable_metadata_proxy = True
+enable_isolated_metadata = True
--- a/neutron/templates/etc/_metadata-agent.ini.tpl
+++ b/neutron/templates/etc/_metadata-agent.ini.tpl
@ -0,0 +1,31 @@
+[DEFAULT]
+debug = {{ .Values.metadata_agent.default.debug }}
+
+# Neutron credentials for API access
+auth_plugin = password
+auth_url = {{ include "endpoint_keystone_admin" . }}
+auth_uri = {{ include "endpoint_keystone_internal" . }}
+auth_region = {{ .Values.keystone.neutron_region_name }}
+admin_tenant_name = service
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.admin_user }}
+password = {{ .Values.keystone.admin_password }}
+endpoint_type = adminURL
+
+# Nova metadata service IP and port
+nova_metadata_ip = {{ include "nova_metadata_host" . }}
+nova_metadata_port = {{ .Values.network.port.metadata }}
+nova_metadata_protocol = http
+
+# Metadata proxy shared secret
+metadata_proxy_shared_secret = {{ .Values.neutron.metadata_secret }}
+
+metadata_port = {{ .Values.network.port.metadata }}
+
+# Workers and backlog requests
+metadata_workers = {{ .Values.metadata.workers }}
+
+# Caching
+cache_url = memory://?default_ttl=5
--- a/neutron/templates/etc/_ml2-conf.ini.tpl
+++ b/neutron/templates/etc/_ml2-conf.ini.tpl
@ -0,0 +1,43 @@
+[ml2]
+# Changing type_drivers after bootstrap can lead to database inconsistencies
+type_drivers = {{ include "joinListWithColon" .Values.ml2.type_drivers }}
+tenant_network_types = {{ .Values.ml2.tenant_network_types }}
+mechanism_drivers = {{ include "joinListWithColon" .Values.ml2.mechanism_drivers }}
+
+[ml2_type_flat]
+flat_networks = {{ include "joinListWithColon" .Values.ml2.ml2_type_flat.flat_networks }}
+
+[ml2_type_gre]
+# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
+# of GRE tunnel IDs that are available for tenant network allocation
+tunnel_id_ranges = {{ .Values.ml2.ml2_type_gre.tunnel_id_ranges }}
+
+[ml2_type_vxlan]
+vni_ranges = {{ .Values.ml2.ml2_type_vxlan.vni_ranges }}
+vxlan_group = {{ .Values.ml2.ml2_type_vxlan.vxlan_group }}
+
+[ml2_type_vlan]
+# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
+# specifying physical_network names usable for VLAN provider and
+# tenant networks, as well as ranges of VLAN tags on each
+# physical_network available for allocation as tenant networks.
+network_vlan_ranges = {{ .Values.ml2.ml2_type_vlan.network_vlan_ranges }}
+
+[securitygroup]
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+
+{{- if .Values.ml2.agent.tunnel_types }}
+[agent]
+tunnel_types = {{ .Values.ml2.agent.tunnel_types }}
+l2_population = false
+arp_responder = false
+{{- end }}
+
+[ovs]
+bridge_mappings = {{ include "joinListWithColon" .Values.ml2.ovs.bridge_mappings }}
+tenant_network_type = {{ .Values.ml2.agent.tunnel_types }}
+
+[vxlan]
+l2_population = true
+ovsdb_interface = {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
--- a/neutron/templates/etc/_neutron.conf.tpl
+++ b/neutron/templates/etc/_neutron.conf.tpl
@ -0,0 +1,71 @@
+[DEFAULT]
+debug = {{ .Values.neutron.default.debug }}
+use_syslog = False
+use_stderr = True
+
+bind_host = {{ .Values.network.ip_address }}
+bind_port = {{ .Values.network.port.server }}
+
+#lock_path = /var/lock/neutron
+api_paste_config = /usr/share/neutron/api-paste.ini
+
+api_workers = {{ .Values.neutron.workers }}
+
+allow_overlapping_ips = True
+core_plugin = ml2
+service_plugins = router
+
+interface_driver = openvswitch
+
+metadata_proxy_socket = /var/lib/neutron/openstack-helm/metadata_proxy
+
+allow_automatic_l3agent_failover = True
+l3_ha = true
+min_l3_agents_per_router = 1
+max_l3_agents_per_router = 2
+l3_ha_network_type = {{ .Values.neutron.default.l3_ha_network_type }}
+
+dhcp_agents_per_network = 3
+
+network_auto_schedule = True
+router_auto_schedule = True
+
+transport_url = rabbit://{{ .Values.rabbitmq.admin_user }}:{{ .Values.rabbitmq.admin_password }}@{{ .Values.rabbitmq.address }}:{{ .Values.rabbitmq.port }}
+
+[nova]
+auth_url = {{ include "endpoint_keystone_internal" . }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+endpoint_type = internal
+region_name = {{ .Values.keystone.nova_region_name }}
+project_name = service
+username = {{ .Values.keystone.nova_user }}
+password = {{ .Values.keystone.nova_password }}
+
+[oslo_concurrency]
+lock_path = /var/lib/neutron/tmp
+
+[ovs]
+ovsdb_connection = unix:/var/run/openvswitch/db.sock
+
+[agent]
+root_helper = sudo /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+l2_population = true
+arp_responder = true
+
+[database]
+connection = mysql+pymysql://{{ .Values.database.neutron_user }}:{{ .Values.database.neutron_password }}@{{ include "neutron_db_host" . }}/{{ .Values.database.neutron_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_url = {{ include "endpoint_keystone_internal" . }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.neutron_user }}
+password = {{ .Values.keystone.neutron_password }}
+
+[oslo_messaging_notifications]
+driver = noop
--- a/neutron/templates/etc/_resolv.conf.tpl
+++ b/neutron/templates/etc/_resolv.conf.tpl
@ -0,0 +1,5 @@
+search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }}
+{{- range .Values.network.dns.servers }}
+nameserver {{ . | title }}
+{{- end }}
+options ndots:5
--- a/neutron/templates/job-db-sync.yaml
+++ b/neutron/templates/job-db-sync.yaml
@ -0,0 +1,43 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: neutron-db-sync
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: neutron-db-sync
+          image: {{ .Values.images.db_sync }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          env:
+            - name: INTERFACE_NAME
+              value: "eth0"
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini upgrade head"
+            - name: DEPENDENCY_JOBS
+              value: "{{  include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
+            - name: DEPENDENCY_SERVICE
+              value: "{{  include "joinListWithColon" .Values.dependencies.db_sync.service }}"
+          volumeMounts:
+            - name: neutronconf
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+            - name: ml2confini
+              mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+              subPath: ml2-conf.ini
+      volumes:
+        - name: neutronconf
+          configMap:
+            name: neutron-etc
+        - name: ml2confini
+          configMap:
+            name: neutron-etc
--- a/neutron/templates/job-init.yaml
+++ b/neutron/templates/job-init.yaml
@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: neutron-init
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: neutron-init
+          image: {{ .Values.images.init }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          env:
+            - name: INTERFACE_NAME
+              value: "eth0"
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "bash /tmp/init.sh"
+            - name: DEPENDENCY_JOBS
+              value: "{{  include "joinListWithColon" .Values.dependencies.init.jobs }}"
+            - name: DEPENDENCY_SERVICE
+              value: "{{  include "joinListWithColon" .Values.dependencies.init.service }}"
+          volumeMounts:
+            - name: initsh
+              mountPath: /tmp/init.sh
+              subPath: init.sh
+      volumes:
+        - name: initsh
+          configMap:
+            name: neutron-bin
--- a/neutron/templates/job-post.yaml
+++ b/neutron/templates/job-post.yaml
@ -0,0 +1,39 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: neutron-post
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: neutron-post
+          image: {{ .Values.images.post }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          env:
+            - name: INTERFACE_NAME
+              value: "eth0"
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "bash /tmp/post.sh"
+            - name: DEPENDENCY_JOBS
+              value:  "{{  include "joinListWithColon" .Values.dependencies.post.jobs }}"
+            - name: DEPENDENCY_SERVICE
+              value: "{{  include "joinListWithColon" .Values.dependencies.post.service }}"
+            - name: ANSIBLE_LIBRARY
+              value: /usr/share/ansible/
+          volumeMounts:
+            - name: postsh
+              mountPath: /tmp/post.sh
+              subPath: post.sh
+      volumes:
+        - name: postsh
+          configMap:
+            name: neutron-bin
--- a/neutron/templates/service.yaml
+++ b/neutron/templates/service.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: neutron-server
+spec:
+  ports:
+    - port: {{ .Values.network.port.server }}
+  selector:
+    app: neutron-server
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -0,0 +1,241 @@
+# Default values for memcached.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+replicas:
+  server: 1
+
+images:
+  init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona
+  db_sync: quay.io/stackanetes/stackanetes-neutron-server:barcelona
+  server: quay.io/stackanetes/stackanetes-neutron-server:barcelona
+  dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:barcelona
+  metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:barcelona
+  l3: quay.io/stackanetes/stackanetes-neutron-l3-agent:barcelona
+  neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:barcelona
+  openvswitch_db_server: quay.io/attcomdev/openvswitch-vswitchd:latest
+  openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd:latest
+  post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona
+  entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
+  pull_policy: "IfNotPresent"
+
+labels:
+  # ovs is a special case, requiring a special
+  # label that can apply to both control hosts
+  # and compute hosts, until we get more sophisticated
+  # with our daemonset scheduling
+  ovs:
+      node_selector_key: openvswitch
+      node_selector_value: enabled
+  agent:
+    dhcp:
+      node_selector_key: openstack-control-plane
+      node_selector_value: enabled
+    l3: 
+      node_selector_key: openstack-control-plane
+      node_selector_value: enabled
+    metadata:
+      node_selector_key: openstack-control-plane
+      node_selector_value: enabled
+  server:
+    node_selector_key: openstack-control-plane
+    node_selector_value: enabled
+
+network:
+  dns:
+    kubernetes_domain: cluster.local
+    # this must list the skydns server first, and in calico
+    # this is consistently 10.96.0.10
+    servers: 
+    - 10.96.0.10
+    - 8.8.8.8
+  external_bridge: br-ex
+  ip_address: 0.0.0.0
+  interface:
+    external: enp12s0f0
+    default: enp11s0f0
+  port: 
+    server: 9696
+    metadata: 8775
+
+memcached: 
+  address: "memcached:11211"
+
+rabbitmq: 
+  address: rabbitmq
+  admin_user: rabbitmq
+  admin_password: password
+  port: 5672
+
+keystone:
+  admin_user: "admin"
+  admin_password: "password"
+  admin_project_name: "admin"
+  admin_region_name: "RegionOne"
+  domain_name: "default"
+  tenant_name: "admin"
+
+  neutron_user: "neutron"
+  neutron_password: "password"
+  neutron_region_name: "RegionOne"
+
+  nova_user: "nova"
+  nova_password: "password"
+  nova_region_name: "RegionOne"
+
+database:
+  port: 3306
+  root_user: root
+  root_password: password
+  neutron_database_name: neutron
+  neutron_password: password
+  neutron_user: neutron
+
+metadata_agent:
+  default:
+    debug: 'True'
+
+neutron:
+  workers: 4
+  default:
+    l3_ha_network_type: gre
+    debug: 'True'
+metadata:
+  workers: 4
+
+ml2:
+  tenant_network_types: "flat"
+  agent:
+    tunnel_types: null
+  type_drivers:
+    - flat
+  mechanism_drivers:
+    - openvswitch
+    - l2population
+  ml2_type_vxlan:
+    vni_ranges: "1:1000"
+    vxlan_group: 239.1.1.1
+  ml2_type_gre:
+    tunnel_id_ranges: "1:1000"
+  ml2_type_flat:
+    flat_networks:
+    - "*"
+  ml2_type_vlan:
+    network_vlan_ranges: "physnet1:1100:1110"
+  ovs:
+    auto_bridge_add:
+      br-physnet1: enp11s0f0
+    bridge_mappings:
+      - "physnet1:br-physnet1"
+
+dependencies:  
+  server:
+    jobs:
+    - neutron-db-sync
+    - mariadb-seed
+    service:
+    - rabbitmq
+    - mariadb
+    - keystone-api
+    - memcached
+  dhcp:
+    service:
+    - neutron-server
+    - rabbitmq
+    - nova-api
+    jobs:
+    - neutron-init
+    - nova-post
+    daemonset:
+    - neutron-openvswitch
+  metadata:
+    jobs:
+    - neutron-init
+    - nova-post
+    service:
+    - neutron-server
+    - rabbitmq
+    - nova-api
+    daemonset:
+    - neutron-openvswitch
+  openvswitchagent:
+    jobs:
+    - neutron-post
+    - nova-post
+    service:
+    - keystone-api
+    - rabbitmq
+    - neutron-server
+    container:
+    - openvswitch-db-server
+    - openvswitch-vswitchd
+  l3:
+    jobs:
+    - nova-init
+    - neutron-init
+    - nova-post
+    service:
+    - neutron-server
+    - rabbitmq
+    - nova-api
+    daemonset:
+    - neutron-openvswitch    
+  db_sync:
+    jobs:
+    - neutron-init
+    - mariadb-seed
+    service:
+    - mariadb
+  init:
+    jobs:
+    - mariadb-seed
+    service:
+    - mariadb
+  post:
+    jobs:
+    - neutron-db-sync
+    service:
+    - keystone-api
+    - neutron-server
+
+# typically overriden by environmental 
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+  glance:
+    hosts:
+      default: glance-api
+    type: image
+    path: null
+    scheme: 'http'
+    port:
+      api: 9292
+      registry: 9191
+  nova:
+    hosts:
+      default: nova-api
+    path: "/v2/%(tenant_id)s"
+    type: compute
+    scheme: 'http'
+    port:
+      api: 8774
+      metadata: 8775
+      novncproxy: 6080
+  keystone:
+    hosts:
+      default: keystone-api
+    path: /v3
+    type: identity
+    scheme: 'http'
+    port:
+        admin: 35357
+        public: 5000
+  neutron:
+    hosts:
+      default: neutron-server
+    path: null
+    type: network
+    scheme: 'http'
+    port:
+      api: 9696