From 83710071bbef2a6c3b4bf0eb29378c61ca3f9817 Mon Sep 17 00:00:00 2001
From: Artur Korzeniewski <artur.korzeniewski@intel.com>
Date: Wed, 17 May 2017 14:03:50 +0200
Subject: [PATCH] Neutron chart: add OVS firewall

Add openvswitch based firewall, which is better than hybrid iptables one.
It does not interfere with k8s iptables rules on compute nodes.
The advantage is that VMs have access to the OpenStack API.

Change-Id: Ic6baef5867db962b3cb4709d7e6dce8a9a13584f
Closes-Bug: #1686371
---
 neutron/values.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/neutron/values.yaml b/neutron/values.yaml
index 686db9817b..2999e898a7 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -389,6 +389,12 @@ conf:
             agent:
               tunnel_types: vxlan
               ovsdb_connection: unix:/var/run/openvswitch/db.sock
+    securitygroup:
+      neutron:
+        ml2:
+          ovs:
+            agent:
+              firewall_driver: openvswitch
   metering_agent:
     override:
     append: