Merge "Neutron: add linuxbridge daemonset and config script"

2017-08-29 13:43:21 +00:00 · 2017-08-29 13:43:21 +00:00 · 38cc836bab
commit 38cc836bab
parent 774c34176d aaedb4a150
13 changed files with 509 additions and 10 deletions
--- a/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl
@ -20,5 +20,7 @@ set -x
 exec neutron-dhcp-agent \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/dhcp_agent.ini \
-      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+{{- if eq .Values.network.backend "ovs" }} \
      --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini
+{{- end }}
--- a/neutron/templates/bin/_neutron-l3-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-l3-agent.sh.tpl
@ -20,5 +20,7 @@ set -x
 exec neutron-l3-agent \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/l3_agent.ini \
-      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+{{- if eq .Values.network.backend "ovs" }} \
      --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini
+{{- end }}
--- a/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl
+++ b/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl
@ -0,0 +1,65 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+modprobe ebtables
+
+# configure external bridge
+external_bridge="{{- .Values.network.external_bridge -}}"
+external_interface="{{- .Values.network.interface.external -}}"
+if [ -n "${external_bridge}" ] ; then
+    # adding existing bridge would break out the script when -e is set
+    set +e
+    ip link add name $external_bridge type bridge
+    set -e
+    ip link set dev $external_bridge up
+    if [ -n "$external_interface" ] ; then
+        ip link set dev $external_interface master $external_bridge
+    fi
+fi
+
+
+# configure all bridge mappings defined in config
+{{- range $br, $phys := .Values.network.auto_bridge_add }}
+if [ -n "{{- $br -}}" ] ; then
+    # adding existing bridge would break out the script when -e is set
+    set +e
+    ip link add name {{ $br }} type bridge
+    set -e
+    ip link set dev {{ $br }} up
+    if [ -n "{{- $phys -}}" ] ; then
+        ip link set dev {{ $phys }}  master {{ $br }}
+    fi
+fi
+{{- end }}
+
+
+tunnel_interface="{{- .Values.network.interface.tunnel -}}"
+if [ -z "${tunnel_interface}" ] ; then
+    # search for interface with default routing
+    # If there is not default gateway, exit
+    tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev ).*') || exit 1
+fi
+
+# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
+IP=$(ip a s $tunnel_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+cat <<EOF>/tmp/pod-shared/ml2-local-ip.ini
+[vxlan]
+local_ip = $IP
+EOF
--- a/neutron/templates/bin/_neutron-linuxbridge-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-linuxbridge-agent.sh.tpl
@ -0,0 +1,25 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+exec neutron-linuxbridge-agent \
+  --config-file /etc/neutron/neutron.conf \
+  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+  --config-file /tmp/pod-shared/ml2-local-ip.ini \
+  --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini
--- a/neutron/templates/bin/_neutron-metadata-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-metadata-agent.sh.tpl
@ -20,5 +20,7 @@ set -x
 exec neutron-metadata-agent \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/metadata_agent.ini \
-      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+{{- if eq .Values.network.backend "ovs" }} \
      --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini
+{{- end }}
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@ -43,6 +43,10 @@ data:
 {{ tuple "bin/_neutron-dhcp-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-l3-agent.sh: |+
 {{ tuple "bin/_neutron-l3-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-linuxbridge-agent.sh: |+
+{{ tuple "bin/_neutron-linuxbridge-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-linuxbridge-agent-init.sh: |+
+{{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-metadata-agent.sh: |+
 {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-openvswitch-agent.sh: |+
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@ -63,10 +63,14 @@ spec:
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
+            {{- if eq .Values.network.backend "ovs" }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
              subPath: openvswitch_agent.ini
              readOnly: true
+            - name: runopenvswitch
+              mountPath: /run/openvswitch
+            {{- end }}
            - name: neutron-etc
              mountPath: /etc/neutron/dhcp_agent.ini
              subPath: dhcp_agent.ini
@ -126,8 +130,6 @@ spec:
              mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
              subPath: openvswitch-plugin.filters
              readOnly: true
-            - name: runopenvswitch
-              mountPath: /run/openvswitch
            - name: socket
              mountPath: /var/lib/neutron/openstack-helm
 {{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }}
@ -140,9 +142,11 @@ spec:
          configMap:
            name: neutron-etc
            defaultMode: 0444
+        {{- if eq .Values.network.backend "ovs" }}
        - name: runopenvswitch
          hostPath:
            path: /run/openvswitch
+        {{- end }}
        - name: socket
          hostPath:
            path: /var/lib/neutron/openstack-helm
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@ -63,10 +63,14 @@ spec:
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
+            {{- if eq .Values.network.backend "ovs" }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
              subPath: openvswitch_agent.ini
              readOnly: true
+            - name: runopenvswitch
+              mountPath: /run/openvswitch
+            {{- end }}
            - name: neutron-etc
              mountPath: /etc/neutron/l3_agent.ini
              subPath: l3_agent.ini
@ -122,8 +126,6 @@ spec:
              mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
              subPath: openvswitch-plugin.filters
              readOnly: true
-            - name: runopenvswitch
-              mountPath: /run/openvswitch
            - name: libmodules
              mountPath: /lib/modules
              readOnly: true
@ -139,9 +141,11 @@ spec:
          configMap:
            name: neutron-etc
            defaultMode: 0444
+        {{- if eq .Values.network.backend "ovs" }}
        - name: runopenvswitch
          hostPath:
            path: /run/openvswitch
+        {{- end }}
        - name: libmodules
          hostPath:
            path: /lib/modules
--- a/neutron/templates/daemonset-lb-agent.yaml
+++ b/neutron/templates/daemonset-lb-agent.yaml
@ -0,0 +1,238 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.daemonset_lb_agent }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.lb_agent }}
+{{- $mounts_neutron_lb_agent := .Values.pod.mounts.neutron_lb_agent.neutron_lb_agent }}
+{{- $mounts_neutron_lb_agent_init := .Values.pod.mounts.neutron_lb_agent.init_container }}
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: lb-agent
+spec:
+{{ tuple $envAll "lb_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "neutron" "lb-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+    spec:
+      nodeSelector:
+        {{ .Values.labels.lb.node_selector_key }}: {{ .Values.labels.lb.node_selector_value }}
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      initContainers:
+{{ tuple $envAll $dependencies $mounts_neutron_lb_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        - name: lb-agent-init
+          image: {{ .Values.images.neutron_linuxbridge_agent }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.lb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            privileged: true
+            runAsUser: 0
+          command:
+            - /tmp/neutron-linuxbridge-agent-init.sh
+          volumeMounts:
+            - name: neutron-bin
+              mountPath: /tmp/neutron-linuxbridge-agent-init.sh
+              subPath: neutron-linuxbridge-agent-init.sh
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+            - name: neutron-etc
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+              subPath: ml2_conf.ini
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/linuxbridge_agent.ini
+              subPath: linuxbridge_agent.ini
+              readOnly: true
+            - name: neutron-etc
+              # NOTE (Portdirect): We mount here to overide Kollas custom
+              # sudoers file when using Kolla images, this location will
+              # also work fine for other images.
+              mountPath: /etc/sudoers.d/kolla_neutron_sudoers
+              subPath: neutron_sudoers
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.conf
+              subPath: rootwrap.conf
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/debug.filters
+              subPath: debug.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/dibbler.filters
+              subPath: dibbler.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/ipset-firewall.filters
+              subPath: ipset-firewall.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/l3.filters
+              subPath: l3.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/netns-cleanup.filters
+              subPath: netns-cleanup.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/dhcp.filters
+              subPath: dhcp.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/ebtables.filters
+              subPath: ebtables.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/iptables-firewall.filters
+              subPath: iptables-firewall.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/linuxbridge-plugin.filters
+              subPath: linuxbridge-plugin.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
+              subPath: openvswitch-plugin.filters
+              readOnly: true
+            - name: libmodules
+              mountPath: /lib/modules
+              readOnly: true
+            - name: run
+              mountPath: /run
+{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }}
+      containers:
+        - name: lb-agent
+          image: {{ .Values.images.neutron_linuxbridge_agent }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.lb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            runAsUser: {{ .Values.pod.user.neutron.uid }}
+            privileged: true
+          command:
+            - /tmp/neutron-linuxbridge-agent.sh
+          readinessProbe:
+            exec:
+              command:
+                - bash
+                - -c
+                - 'brctl show'
+          volumeMounts:
+            - name: neutron-bin
+              mountPath: /tmp/neutron-linuxbridge-agent.sh
+              subPath: neutron-linuxbridge-agent.sh
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+            - name: neutron-etc
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+              subPath: ml2_conf.ini
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/linuxbridge_agent.ini
+              subPath: linuxbridge_agent.ini
+              readOnly: true
+            - name: neutron-etc
+              # NOTE (Portdirect): We mount here to overide Kollas custom
+              # sudoers file when using Kolla images, this location will
+              # also work fine for other images.
+              mountPath: /etc/sudoers.d/kolla_neutron_sudoers
+              subPath: neutron_sudoers
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.conf
+              subPath: rootwrap.conf
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/debug.filters
+              subPath: debug.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/dibbler.filters
+              subPath: dibbler.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/ipset-firewall.filters
+              subPath: ipset-firewall.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/l3.filters
+              subPath: l3.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/netns-cleanup.filters
+              subPath: netns-cleanup.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/dhcp.filters
+              subPath: dhcp.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/ebtables.filters
+              subPath: ebtables.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/iptables-firewall.filters
+              subPath: iptables-firewall.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/linuxbridge-plugin.filters
+              subPath: linuxbridge-plugin.filters
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
+              subPath: openvswitch-plugin.filters
+              readOnly: true
+            - name: libmodules
+              mountPath: /lib/modules
+              readOnly: true
+            - name: run
+              mountPath: /run
+{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }}
+      volumes:
+        - name: pod-shared
+          emptyDir: {}
+        - name: neutron-bin
+          configMap:
+            name: neutron-bin
+            defaultMode: 0555
+        - name: neutron-etc
+          configMap:
+            name: neutron-etc
+            defaultMode: 0444
+        - name: libmodules
+          hostPath:
+            path: /lib/modules
+        - name: run
+          hostPath:
+            path: /run
+{{ if $mounts_neutron_lb_agent.volumes }}{{ toYaml $mounts_neutron_lb_agent.volumes | indent 8 }}{{ end }}
+{{- end }}
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@ -65,10 +65,14 @@ spec:
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
+            {{- if eq .Values.network.backend "ovs" }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
              subPath: openvswitch_agent.ini
              readOnly: true
+            - name: runopenvswitch
+              mountPath: /run/openvswitch
+            {{- end }}
            - name: neutron-etc
              mountPath: /etc/neutron/metadata_agent.ini
              subPath: metadata_agent.ini
@ -124,8 +128,6 @@ spec:
              mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
              subPath: openvswitch-plugin.filters
              readOnly: true
-            - name: runopenvswitch
-              mountPath: /run/openvswitch
            - name: socket
              mountPath: /var/lib/neutron/stackanetes
 {{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }}
@ -138,9 +140,11 @@ spec:
          configMap:
            name: neutron-etc
            defaultMode: 0444
+        {{- if eq .Values.network.backend "ovs" }}
        - name: runopenvswitch
          hostPath:
            path: /run/openvswitch
+        {{- end }}
        - name: socket
          hostPath:
            path: /var/lib/neutron/openstack-helm
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -32,6 +32,7 @@ images:
  metadata: docker.io/kolla/ubuntu-source-neutron-metadata-agent:3.0.3
  l3: docker.io/kolla/ubuntu-source-neutron-l3-agent:3.0.3
  neutron_openvswitch_agent: docker.io/kolla/ubuntu-source-neutron-openvswitch-agent:3.0.3
+  neutron_linuxbridge_agent: docker.io/kolla/ubuntu-source-neutron-linuxbridge-agent:3.0.3
  openvswitch_db_server: docker.io/kolla/ubuntu-source-openvswitch-db-server:3.0.3
  openvswitch_vswitchd: docker.io/kolla/ubuntu-source-openvswitch-vswitchd:3.0.3
  dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
@ -45,6 +46,9 @@ labels:
  ovs:
      node_selector_key: openvswitch
      node_selector_value: enabled
+  lb:
+      node_selector_key: linuxbridge
+      node_selector_value: enabled
  agent:
    dhcp:
      node_selector_key: openstack-control-plane
@ -60,6 +64,9 @@ labels:
    node_selector_value: enabled

 network:
+  # provide what type of network wiring will be used
+  # possible options: ovs, linuxbridge
+  backend: ovs
  external_bridge: br-ex
  ip_address: 0.0.0.0
  interface:
@ -138,6 +145,7 @@ dependencies:
    - service: compute
      endpoint: internal
    daemonset:
+    # this should be set to corresponding neutron L2 agent
    - ovs-agent
  metadata:
    services:
@ -148,6 +156,7 @@ dependencies:
    - service: compute
      endpoint: internal
    daemonset:
+    # this should be set to corresponding neutron L2 agent
    - ovs-agent
  ovs_agent:
    services:
@ -155,6 +164,12 @@ dependencies:
      endpoint: internal
    - service: network
      endpoint: internal
+  lb_agent:
+    services:
+    - service: oslo_messaging
+      endpoint: internal
+    - service: network
+      endpoint: internal
  l3:
    services:
    - service: oslo_messaging
@ -164,6 +179,7 @@ dependencies:
    - service: compute
      endpoint: internal
    daemonset:
+    # this should be set to corresponding neutron L2 agent
    - ovs-agent
  tests:
    services:
@ -198,6 +214,9 @@ pod:
    neutron_l3_agent:
      init_container: null
      neutron_l3_agent:
+    neutron_lb_agent:
+      init_container: null
+      neutron_lb_agent:
    neutron_metadata_agent:
      init_container: null
      neutron_metadata_agent:
@ -230,6 +249,10 @@ pod:
          enabled: false
          min_ready_seconds: 0
          max_unavailable: 1
+        lb_agent:
+          enabled: true
+          min_ready_seconds: 0
+          max_unavailable: 1
        metadata_agent:
          enabled: true
          min_ready_seconds: 0
@ -269,6 +292,13 @@ pod:
        limits:
          memory: "1024Mi"
          cpu: "2000m"
+      lb:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
      metadata:
        requests:
          memory: "128Mi"
@ -599,9 +629,11 @@ conf:
        default_availability_zones: nova
        api_workers: 4
        allow_overlapping_ips: True
+        # core_plugin can be: ml2, calico
        core_plugin: ml2
+        # service_plugin can be: router, odl-router, empty for calico,
+        # networking_ovn.l3.l3_ovn.OVNL3RouterPlugin for OVN
        service_plugins: router
-        interface_driver: openvswitch
        metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
        db:
          allow_automatic_l3agent_failover: True
@ -613,6 +645,7 @@ conf:
          network_auto_schedule: True
          router_auto_schedule: True
        agent:
+          # we can define here, which driver we are using: openvswitch or linuxbridge
          interface_driver: openvswitch
    oslo_concurrency:
      oslo:
@ -654,6 +687,8 @@ conf:
      neutron:
        ml2:
          extension_drivers: port_security
+          # mechnism_drivers can be: openvswitch, linuxbridge,
+          # opendaylight, ovn
          mechanism_drivers: openvswitch,l2population
          type_drivers: flat,vlan,vxlan
          tenant_network_types: vxlan
@ -683,6 +718,8 @@ conf:
      neutron:
        base:
          agent:
+            # we can define here, which driver we are using:
+            # openvswitch or linuxbridge
            interface_driver: openvswitch
        dhcp:
          agent:
@ -696,6 +733,8 @@ conf:
      neutron:
        base:
          agent:
+            # we can define here, which driver we are using:
+            # openvswitch or linuxbridge
            interface_driver: openvswitch
        l3:
          agent:
@ -754,6 +793,30 @@ conf:
  linuxbridge_agent:
    override:
    append:
+    linux_bridge:
+      neutron:
+        ml2:
+          linuxbridge:
+            agent:
+              # To define Flat and VLAN connections, in LB we can assign
+              # specific interface to the flat/vlan network name using:
+              # physical_interface_mappings: "external:eth3"
+              # Or we can set the mapping between the network and bridge:
+              bridge_mappings: "external:br-ex"
+              # The two above options are exclusive, do not use both of them at once
+    securitygroup:
+      neutron:
+        ml2:
+          linuxbridge:
+            agent:
+              firewall_driver: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+    vxlan:
+      neutron:
+        ml2:
+          linuxbridge:
+            agent:
+              l2_population: True
+              arp_responder: True

 # Names of secrets used by bootstrap and environmental checks
 secrets:
@ -870,6 +933,7 @@ manifests:
  configmap_etc: true
  daemonset_dhcp_agent: true
  daemonset_l3_agent: true
+  daemonset_lb_agent: false
  daemonset_metadata_agent: true
  daemonset_ovs_agent: true
  daemonset_ovs_db: true
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -196,6 +196,7 @@ dependencies:
    - service: network
      endpoint: internal
    daemonset:
+    # this should be set to corresponding neutron L2 agent
    - ovs-agent
  libvirt:
    jobs:
--- a/tools/overrides/mvp/neutron-linuxbridge.yaml
+++ b/tools/overrides/mvp/neutron-linuxbridge.yaml
@ -0,0 +1,84 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# MVP values for neutron using Linux Bridge.
+# This file contains overrides to launch a MVP deployment of neutron using
+# Linux Bridge for the OpenStack-Helm gates, and local development use.
+# It should be kept to the bare minimum required for this purpose.
+
+network:
+  backend: linuxbridge
+  interface:
+    tunnel: docker0
+
+manifests:
+  daemonset_lb_agent: true
+  daemonset_ovs_agent: false
+  daemonset_ovs_db: false
+  daemonset_ovs_vswitchd: false
+
+dependencies:
+  dhcp:
+    daemonset:
+      - lb-agent
+  l3:
+    daemonset:
+      - lb-agent
+  metadata:
+    daemonset:
+      - lb-agent
+
+conf:
+  neutron:
+    default:
+      oslo:
+        log:
+          debug: false
+      neutron:
+        agent:
+          interface_driver: linuxbridge
+        db:
+          l3_ha: False
+          min_l3_agents_per_router: 1
+          max_l3_agents_per_router: 1
+          l3_ha_network_type: vxlan
+          dhcp_agents_per_network: 1
+  ml2_conf:
+    ml2:
+      neutron:
+        ml2:
+          mechanism_drivers: linuxbridge, l2population
+    ml2_type_flat:
+      neutron:
+        ml2:
+          flat_networks: public
+  dhcp_agent:
+    default:
+      neutron:
+        base:
+          agent:
+            interface_driver: linuxbridge
+  l3_agent:
+    default:
+      neutron:
+        base:
+          agent:
+            interface_driver: linuxbridge
+  linuxbridge_agent:
+    linux_bridge:
+      neutron:
+        ml2:
+          linuxbridge:
+            agent:
+              bridge_mappings: "public:br-ex"