[stable/zed] [ATMOSPHERE-594] Sync OVN charts (#2312)

This is an automated cherry-pick of #2129
/assign mnaser
diff --git a/.charts.yml b/.charts.yml
index c01daa5..cb5ebe3 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -164,13 +164,14 @@
     repository: *openstack_helm_infra_repository
     dependencies: *openstack_helm_dependencies
   - name: ovn
-    version: 0.1.13
+    version: 0.1.15
     repository: *openstack_helm_infra_repository
     dependencies: *openstack_helm_dependencies
     patches:
       gerrit:
         review.opendev.org:
-          - 933333
+          - 934929
+          - 934931
   - name: placement
     version: 0.3.9
     repository: *openstack_helm_repository
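Review bot: The two Gerrit entries added under `review.opendev.org` (`934929`, `934931`) are bare change numbers, with no comment saying what each change carries or which patchset was reviewed. A Gerrit change can gain new patchsets after this commit. If the sync tooling resolves a change number to its current revision (not visible in this hunk), a later re-sync could vendor content that differs from what was reviewed here. A short comment per entry, e.g. `# 934929: <change subject> (patchset <N>)`, would let a reviewer confirm that the vendored `charts/ovn` diff matches the intended upstream change.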
diff --git a/charts/ovn/Chart.yaml b/charts/ovn/Chart.yaml
index 00f498b..89f34fd 100644
--- a/charts/ovn/Chart.yaml
+++ b/charts/ovn/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://github.com/ovn-org/ovn
 - https://opendev.org/openstack/openstack-helm
-version: 0.1.13
+version: 0.1.15
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index 82b70f7..3c2933f 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -128,7 +128,7 @@
       containers:
         - name: controller
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - /root/ovnkube.sh
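Review bot: The resources lookup on the changed line now reads `pod.resources.ovn_controller`, and nothing in the hunk covers an operator override that still sets the old `pod.resources.server` key. Such an override would presumably stop having any effect, with no render error. The same applies to the matching one-line changes in `deployment-northd.yaml`, `statefulset-ovsdb-nb.yaml` and `statefulset-ovsdb-sb.yaml`. Because these templates are synced from upstream, an upgrade note is a better fit than a template edit, for example `OVN container resources are now read from pod.resources.ovn_controller, ovn_northd, ovn_ovsdb_nb and ovn_ovsdb_sb; pod.resources.server is no longer used`. The container spec continues outside the hunk.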
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index f945bb2..2dbbb68 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -59,7 +59,7 @@
             - /root/ovnkube.sh
             - run-ovn-northd
 {{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_northd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 {{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
 {{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
diff --git a/charts/ovn/templates/statefulset-ovsdb-nb.yaml b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
index 98e70ad..d19d510 100644
--- a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -71,9 +71,8 @@
             - nb-ovsdb
 {{- end }}
 {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_ovsdb_nb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-
           ports:
             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/charts/ovn/templates/statefulset-ovsdb-sb.yaml b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
index 694348b..a6180aa 100644
--- a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -71,7 +71,7 @@
             - sb-ovsdb
 {{- end }}
 {{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_ovsdb_sb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
           ports:
             - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/charts/ovn/values.yaml b/charts/ovn/values.yaml
index 3ffdece..0191c85 100644
--- a/charts/ovn/values.yaml
+++ b/charts/ovn/values.yaml
@@ -84,7 +84,6 @@
   #   br-private: eth0
   #   br-public: eth1
   auto_bridge_add: {}
-
   ovn_network_logging_parser_uwsgi:
     uwsgi:
       add-header: "Connection: close"
@@ -246,35 +245,34 @@
           max_unavailable: 1
   resources:
     enabled: false
-    ovs:
-      ovn_ovsdb_nb:
-        requests:
-          memory: "384Mi"
-          cpu: "100m"
-        limits:
-          memory: "1024Mi"
-          cpu: "1000m"
-      ovn_ovsdb_sb:
-        requests:
-          memory: "384Mi"
-          cpu: "100m"
-        limits:
-          memory: "1024Mi"
-          cpu: "1000m"
-      ovn_northd:
-        requests:
-          memory: "128Mi"
-          cpu: "100m"
-        limits:
-          memory: "1024Mi"
-          cpu: "2000m"
-      ovn_controller:
-        requests:
-          memory: "128Mi"
-          cpu: "100m"
-        limits:
-          memory: "1024Mi"
-          cpu: "2000m"
+    ovn_ovsdb_nb:
+      requests:
+        memory: "384Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "1000m"
+    ovn_ovsdb_sb:
+      requests:
+        memory: "384Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "1000m"
+    ovn_northd:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
+    ovn_controller:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
     ovn_logging_parser:
       requests:
         memory: "128Mi"
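Review bot: The `resources:` block keeps `enabled: false` while moving the four OVN entries up one level, so by default these requests and limits are presumably still not rendered. That depends on the helm-toolkit snippet, which is not shown here, but if so the OVN database, northd and controller containers run without memory or CPU bounds. Overrides written against the old `pod.resources.ovs.ovn_*` path would also be ignored after this change. A comment above `ovn_ovsdb_nb:` such as `# Applied only when pod.resources.enabled is true; formerly nested under pod.resources.ovs.` would make both facts visible to whoever tunes this file. The `resources` mapping continues outside the hunk.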
diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
deleted file mode 100644
index 35719dd..0000000
--- a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
+++ /dev/null
@@ -1,941 +0,0 @@
-diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl
-index 55cc2ecb..885204a0 100644
---- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
-+++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
-@@ -14,6 +14,8 @@
- # See the License for the specific language governing permissions and
- # limitations under the License.
- 
-+ANNOTATION_KEY="atmosphere.cloud/ovn-system-id"
-+
- function get_ip_address_from_interface {
-   local interface=$1
-   local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
-@@ -75,6 +77,19 @@ function migrate_ip_from_nic {
-   set -e
- }
- 
-+function get_current_system_id {
-+  ovs-vsctl --if-exists get Open_vSwitch . external_ids:system-id | tr -d '"'
-+}
-+
-+function get_stored_system_id {
-+  kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.atmosphere\.cloud/ovn-system-id}"
-+}
-+
-+function store_system_id() {
-+  local system_id=$1
-+  kubectl annotate node "$NODE_NAME" "$ANNOTATION_KEY=$system_id"
-+}
-+
- # Detect tunnel interface
- tunnel_interface="{{- .Values.network.interface.tunnel -}}"
- if [ -z "${tunnel_interface}" ] ; then
-@@ -89,13 +104,25 @@ if [ -z "${tunnel_interface}" ] ; then
- fi
- ovs-vsctl set open . external_ids:ovn-encap-ip="$(get_ip_address_from_interface ${tunnel_interface})"
- 
--# Configure system ID
--set +e
--ovs-vsctl get open . external-ids:system-id
--if [ $? -eq 1 ]; then
--  ovs-vsctl set open . external-ids:system-id="$(uuidgen)"
-+# Get the stored system-id from the Kubernetes node annotation
-+stored_system_id=$(get_stored_system_id)
-+
-+# Get the current system-id set in OVS
-+current_system_id=$(get_current_system_id)
-+
-+if [ -n "$stored_system_id" ] && [ "$stored_system_id" != "$current_system_id" ]; then
-+  # If the annotation exists and does not match the current system-id, set the system-id to the stored one
-+  ovs-vsctl set Open_vSwitch . external_ids:system-id="$stored_system_id"
-+elif [ -z "$current_system_id" ]; then
-+  # If no current system-id is set, generate a new one
-+  current_system_id=$(uuidgen)
-+  ovs-vsctl set Open_vSwitch . external_ids:system-id="$current_system_id"
-+  # Store the new system-id in the Kubernetes node annotation
-+  store_system_id "$current_system_id"
-+elif [ -z "$stored_system_id" ]; then
-+  # If there is no stored system-id, store the current one
-+  store_system_id "$current_system_id"
- fi
--set -e
- 
- # Configure OVN remote
- {{- if empty .Values.conf.ovn_remote -}}
-@@ -125,6 +152,10 @@ else
-   ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
- fi
- 
-+{{ if .Values.conf.ovn_bridge_datapath_type -}}
-+ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
-+{{- end }}
-+
- # Configure hostname
- {{- if .Values.pod.use_fqdn.compute }}
-   ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
-diff --git a/ovn/templates/clusterrole-controller.yaml b/ovn/templates/clusterrole-controller.yaml
-new file mode 100644
-index 00000000..8291f65a
---- /dev/null
-+++ b/ovn/templates/clusterrole-controller.yaml
-@@ -0,0 +1,12 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRole
-+metadata:
-+  name: ovn-controller
-+rules:
-+- apiGroups:
-+  - ""
-+  resources:
-+  - nodes
-+  verbs:
-+  - get
-+  - patch
-diff --git a/ovn/templates/clusterrolebinding-controller.yaml b/ovn/templates/clusterrolebinding-controller.yaml
-new file mode 100644
-index 00000000..c95ef5e9
---- /dev/null
-+++ b/ovn/templates/clusterrolebinding-controller.yaml
-@@ -0,0 +1,15 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRoleBinding
-+metadata:
-+  name: ovn-controller
-+roleRef:
-+  apiGroup: rbac.authorization.k8s.io
-+  kind: ClusterRole
-+  name: ovn-controller
-+subjects:
-+- kind: ServiceAccount
-+  name: ovn-controller
-+  namespace: {{ .Release.Namespace }}
-+- kind: ServiceAccount
-+  name: ovn-controller-gw
-+  namespace: {{ .Release.Namespace }}
-diff --git a/ovn/templates/configmap-bin.yaml b/ovn/templates/configmap-bin.yaml
-index a849dd8a..82001f99 100644
---- a/ovn/templates/configmap-bin.yaml
-+++ b/ovn/templates/configmap-bin.yaml
-@@ -24,12 +24,6 @@ data:
-   image-repo-sync.sh: |
- {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
- {{- end }}
--  ovsdb-server.sh: |
--{{ tuple "bin/_ovsdb-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
--  ovn-northd.sh: |
--{{ tuple "bin/_ovn-northd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-   ovn-controller-init.sh: |
- {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
--  ovn-controller.sh: |
--{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- {{- end }}
-diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
-index 4cd5d9b2..fae94512 100644
---- a/ovn/templates/daemonset-controller.yaml
-+++ b/ovn/templates/daemonset-controller.yaml
-@@ -12,6 +12,15 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
- 
-+{{- define "controllerReadinessProbeTemplate" }}
-+exec:
-+  command:
-+    - /usr/bin/ovn-kube-util
-+    - readiness-probe
-+    - -t
-+    - ovn-controller
-+{{- end }}
-+
- {{- if .Values.manifests.daemonset_ovn_controller }}
- {{- $envAll := . }}
- 
-@@ -106,6 +106,11 @@ spec:
- {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-           command:
-             - /tmp/ovn-controller-init.sh
-+          env:
-+            - name: NODE_NAME
-+              valueFrom:
-+                fieldRef:
-+                  fieldPath: spec.nodeName
-           volumeMounts:
-             - name: ovn-bin
-               mountPath: /tmp/ovn-controller-init.sh
-@@ -117,17 +122,23 @@ spec:
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-           command:
--            - /tmp/ovn-controller.sh
--            - start
--          lifecycle:
--            preStop:
--              exec:
--                command:
--                  - /tmp/ovn-controller.sh
--                  - stop
-+            - /root/ovnkube.sh
-+            - ovn-controller
-+{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+          env:
-+            - name: OVN_DAEMONSET_VERSION
-+              value: "3"
-+            - name: OVN_LOGLEVEL_CONTROLLER
-+              value: "-vconsole:info -vfile:info"
-+            - name: OVN_KUBERNETES_NAMESPACE
-+              valueFrom:
-+                fieldRef:
-+                  fieldPath: metadata.namespace
-+            - name: OVN_KUBERNETES_NB_STATEFULSET
-+              value: ovn-ovsdb-nb
-+            - name: OVN_KUBERNETES_SB_STATEFULSET
-+              value: ovn-ovsdb-sb
-+            - name: OVN_SSL_ENABLE
-+              value: "no"
-           volumeMounts:
--            - name: ovn-bin
--              mountPath: /tmp/ovn-controller.sh
--              subPath: ovn-controller.sh
--              readOnly: true
-             - name: run-openvswitch
-@@ -154,7 +154,7 @@ spec:
-               mountPath: /run/openvswitch
-             - name: logs
-               mountPath: /var/log/ovn
--            - name: run-ovn
-+            - name: run-openvswitch
-               mountPath: /run/ovn
-         {{- if .Values.pod.sidecars.vector }}
-         - name: vector
-diff --git a/ovn/templates/deployment-northd.yaml b/ovn/templates/deployment-northd.yaml
-index e3afdd05..ae31b357 100644
---- a/ovn/templates/deployment-northd.yaml
-+++ b/ovn/templates/deployment-northd.yaml
-@@ -12,18 +12,13 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
- 
--{{- define "livenessProbeTemplate" }}
-+{{- define "northdReadinessProbeTemplate" }}
- exec:
-   command:
--    - /tmp/ovn-northd.sh
--    - liveness
--{{- end }}
--
--{{- define "readinessProbeTemplate" }}
--exec:
--  command:
--    - /tmp/ovn-northd.sh
--    - readiness
-+    - /usr/bin/ovn-kube-util
-+    - readiness-probe
-+    - -t
-+    - ovn-northd
- {{- end }}
- 
- {{- if .Values.manifests.deployment_northd }}
-@@ -60,28 +55,27 @@ spec:
- {{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-       containers:
-         - name: northd
-+          command:
-+            - /root/ovnkube.sh
-+            - run-ovn-northd
- {{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
--{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
--{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
--          command:
--            - /tmp/ovn-northd.sh
--            - start
--          lifecycle:
--            preStop:
--              exec:
--                command:
--                  - /tmp/ovn-northd.sh
--                  - stop
--          volumeMounts:
--            - name: ovn-bin
--              mountPath: /tmp/ovn-northd.sh
--              subPath: ovn-northd.sh
--              readOnly: true
--      volumes:
--        - name: ovn-bin
--          configMap:
--            name: ovn-bin
--            defaultMode: 0555
-+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+          env:
-+            - name: OVN_DAEMONSET_VERSION
-+              value: "3"
-+            - name: OVN_LOGLEVEL_NORTHD
-+              value: "-vconsole:info -vfile:info"
-+            - name: OVN_KUBERNETES_NAMESPACE
-+              valueFrom:
-+                fieldRef:
-+                  fieldPath: metadata.namespace
-+            - name: OVN_KUBERNETES_NB_STATEFULSET
-+              value: ovn-ovsdb-nb
-+            - name: OVN_KUBERNETES_SB_STATEFULSET
-+              value: ovn-ovsdb-sb
-+            - name: OVN_SSL_ENABLE
-+              value: "no"
- {{- end }}
-diff --git a/ovn/templates/role-controller.yaml b/ovn/templates/role-controller.yaml
-new file mode 100644
-index 00000000..de3cfa6d
---- /dev/null
-+++ b/ovn/templates/role-controller.yaml
-@@ -0,0 +1,11 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: Role
-+metadata:
-+  name: ovn-controller
-+rules:
-+- apiGroups:
-+  - discovery.k8s.io
-+  resources:
-+  - endpointslices
-+  verbs:
-+  - list
-diff --git a/ovn/templates/role-northd.yaml b/ovn/templates/role-northd.yaml
-new file mode 100644
-index 00000000..ca02fae6
---- /dev/null
-+++ b/ovn/templates/role-northd.yaml
-@@ -0,0 +1,11 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: Role
-+metadata:
-+  name: ovn-northd
-+rules:
-+- apiGroups:
-+  - discovery.k8s.io
-+  resources:
-+  - endpointslices
-+  verbs:
-+  - list
-diff --git a/ovn/templates/role-ovsdb.yaml b/ovn/templates/role-ovsdb.yaml
-new file mode 100644
-index 00000000..10e0e239
---- /dev/null
-+++ b/ovn/templates/role-ovsdb.yaml
-@@ -0,0 +1,19 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: Role
-+metadata:
-+  name: ovn-ovsdb
-+rules:
-+- apiGroups:
-+  - "apps"
-+  resources:
-+  - statefulsets
-+  verbs:
-+  - get
-+- apiGroups:
-+  - ""
-+  resources:
-+  - pods
-+  - endpoints
-+  verbs:
-+  - list
-+  - get
-diff --git a/ovn/templates/rolebinding-controller.yaml b/ovn/templates/rolebinding-controller.yaml
-new file mode 100644
-index 00000000..7973c7e2
---- /dev/null
-+++ b/ovn/templates/rolebinding-controller.yaml
-@@ -0,0 +1,13 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: RoleBinding
-+metadata:
-+  name: ovn-controller
-+roleRef:
-+  apiGroup: rbac.authorization.k8s.io
-+  kind: Role
-+  name: ovn-controller
-+subjects:
-+- kind: ServiceAccount
-+  name: ovn-controller
-+- kind: ServiceAccount
-+  name: ovn-controller-gw
-diff --git a/ovn/templates/rolebinding-northd.yaml b/ovn/templates/rolebinding-northd.yaml
-new file mode 100644
-index 00000000..428a4707
---- /dev/null
-+++ b/ovn/templates/rolebinding-northd.yaml
-@@ -0,0 +1,11 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: RoleBinding
-+metadata:
-+  name: ovn-northd
-+roleRef:
-+  apiGroup: rbac.authorization.k8s.io
-+  kind: Role
-+  name: ovn-northd
-+subjects:
-+- kind: ServiceAccount
-+  name: ovn-northd
-diff --git a/ovn/templates/rolebinding-ovsdb.yaml b/ovn/templates/rolebinding-ovsdb.yaml
-new file mode 100644
-index 00000000..f32382bc
---- /dev/null
-+++ b/ovn/templates/rolebinding-ovsdb.yaml
-@@ -0,0 +1,13 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: RoleBinding
-+metadata:
-+  name: ovn-ovsdb
-+roleRef:
-+  apiGroup: rbac.authorization.k8s.io
-+  kind: Role
-+  name: ovn-ovsdb
-+subjects:
-+- kind: ServiceAccount
-+  name: ovn-ovsdb-nb
-+- kind: ServiceAccount
-+  name: ovn-ovsdb-sb
-diff --git a/ovn/templates/service-ovsdb-nb.yaml b/ovn/templates/service-ovsdb-nb.yaml
-index b93da9b8..56f7cd09 100644
---- a/ovn/templates/service-ovsdb-nb.yaml
-+++ b/ovn/templates/service-ovsdb-nb.yaml
-@@ -20,6 +20,7 @@ kind: Service
- metadata:
-   name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- spec:
-+  publishNotReadyAddresses: true
-   ports:
-     - name: ovsdb
-       port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-diff --git a/ovn/templates/service-ovsdb-sb.yaml b/ovn/templates/service-ovsdb-sb.yaml
-index 70f62c6e..4a6b5864 100644
---- a/ovn/templates/service-ovsdb-sb.yaml
-+++ b/ovn/templates/service-ovsdb-sb.yaml
-@@ -20,6 +20,7 @@ kind: Service
- metadata:
-   name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- spec:
-+  publishNotReadyAddresses: true
-   ports:
-     - name: ovsdb
-       port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-diff --git a/ovn/templates/statefulset-ovsdb-nb.yaml b/ovn/templates/statefulset-ovsdb-nb.yaml
-index 04958165..98e70ada 100644
---- a/ovn/templates/statefulset-ovsdb-nb.yaml
-+++ b/ovn/templates/statefulset-ovsdb-nb.yaml
-@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
- 
-+{{- define "ovnnbReadinessProbeTemplate" }}
-+exec:
-+  command:
-+    - /usr/bin/ovn-kube-util
-+    - readiness-probe
-+    - -t
-+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
-+    - ovnnb-db-raft
-+{{- else }}
-+    - ovnnb-db
-+{{- end }}
-+{{- end }}
-+
- {{- if .Values.manifests.statefulset_ovn_ovsdb_nb }}
- {{- $envAll := . }}
- 
-@@ -28,6 +41,7 @@ metadata:
- {{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- spec:
-   serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-+  podManagementPolicy: Parallel
-   replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
-   selector:
-     matchLabels:
-@@ -49,43 +63,57 @@ spec:
- {{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-       containers:
-         - name: ovsdb
-+          command:
-+            - /root/ovnkube.sh
-+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
-+            - nb-ovsdb-raft
-+{{- else }}
-+            - nb-ovsdb
-+{{- end }}
- {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+
-           ports:
-             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-           env:
--            - name: OVS_DATABASE
--              value: nb
--            - name: OVS_PORT
-+            - name: OVN_DAEMONSET_VERSION
-+              value: "3"
-+            - name: OVN_LOGLEVEL_NB
-+              value: "-vconsole:info -vfile:info"
-+            - name: OVN_KUBERNETES_NAMESPACE
-+              valueFrom:
-+                fieldRef:
-+                  fieldPath: metadata.namespace
-+            - name: OVN_KUBERNETES_STATEFULSET
-+              value: ovn-ovsdb-nb
-+            - name: POD_NAME
-+              valueFrom:
-+                fieldRef:
-+                  fieldPath: metadata.name
-+            - name: OVN_SSL_ENABLE
-+              value: "no"
-+            - name: ENABLE_IPSEC
-+              value: "false"
-+            - name: OVN_NB_RAFT_ELECTION_TIMER
-+              value: "1000"
-+            - name: OVN_NB_PORT
-               value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
--          command:
--            - /tmp/ovsdb-server.sh
--            - start
--          lifecycle:
--            preStop:
--              exec:
--                command:
--                  - /tmp/ovsdb-server.sh
--                  - stop
-+            - name: OVN_NB_RAFT_PORT
-+              value: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
-           volumeMounts:
--            - name: ovn-bin
--              mountPath: /tmp/ovsdb-server.sh
--              subPath: ovsdb-server.sh
--              readOnly: true
-             - name: run-openvswitch
--              mountPath: /run/openvswitch
-+              mountPath: /var/run/openvswitch
-+            - name: run-openvswitch
-+              mountPath: /var/run/ovn
-             - name: data
--              mountPath: {{ $envAll.Values.volume.ovn_ovsdb_nb.path }}
-+              mountPath: /etc/ovn
-       volumes:
-         - name: run-openvswitch
-           hostPath:
-             path: /run/openvswitch
-             type: DirectoryOrCreate
--        - name: ovn-bin
--          configMap:
--            name: ovn-bin
--            defaultMode: 0555
- {{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
-         - name: data
-           emptyDir: {}
-diff --git a/ovn/templates/statefulset-ovsdb-sb.yaml b/ovn/templates/statefulset-ovsdb-sb.yaml
-index 9e7b6670..694348b2 100644
---- a/ovn/templates/statefulset-ovsdb-sb.yaml
-+++ b/ovn/templates/statefulset-ovsdb-sb.yaml
-@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
- 
-+{{- define "ovnsbReadinessProbeTemplate" }}
-+exec:
-+  command:
-+    - /usr/bin/ovn-kube-util
-+    - readiness-probe
-+    - -t
-+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
-+    - ovnsb-db-raft
-+{{- else }}
-+    - ovnsb-db
-+{{- end }}
-+{{- end }}
-+
- {{- if .Values.manifests.statefulset_ovn_ovsdb_sb }}
- {{- $envAll := . }}
- 
-@@ -28,6 +41,7 @@ metadata:
- {{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- spec:
-   serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-+  podManagementPolicy: Parallel
-   replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
-   selector:
-     matchLabels:
-@@ -49,43 +63,56 @@ spec:
- {{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-       containers:
-         - name: ovsdb
-+          command:
-+            - /root/ovnkube.sh
-+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
-+            - sb-ovsdb-raft
-+{{- else }}
-+            - sb-ovsdb
-+{{- end }}
- {{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-           ports:
-             - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-             - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-           env:
--            - name: OVS_DATABASE
--              value: sb
--            - name: OVS_PORT
-+            - name: OVN_DAEMONSET_VERSION
-+              value: "3"
-+            - name: OVN_LOGLEVEL_SB
-+              value: "-vconsole:info -vfile:info"
-+            - name: OVN_KUBERNETES_NAMESPACE
-+              valueFrom:
-+                fieldRef:
-+                  fieldPath: metadata.namespace
-+            - name: OVN_KUBERNETES_STATEFULSET
-+              value: ovn-ovsdb-sb
-+            - name: POD_NAME
-+              valueFrom:
-+                fieldRef:
-+                  fieldPath: metadata.name
-+            - name: OVN_SSL_ENABLE
-+              value: "no"
-+            - name: ENABLE_IPSEC
-+              value: "false"
-+            - name: OVN_SB_RAFT_ELECTION_TIMER
-+              value: "1000"
-+            - name: OVN_SB_PORT
-               value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
--          command:
--            - /tmp/ovsdb-server.sh
--            - start
--          lifecycle:
--            preStop:
--              exec:
--                command:
--                  - /tmp/ovsdb-server.sh
--                  - stop
-+            - name: OVN_SB_RAFT_PORT
-+              value: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
-           volumeMounts:
--            - name: ovn-bin
--              mountPath: /tmp/ovsdb-server.sh
--              subPath: ovsdb-server.sh
--              readOnly: true
-             - name: run-openvswitch
--              mountPath: /run/openvswitch
-+              mountPath: /var/run/openvswitch
-+            - name: run-openvswitch
-+              mountPath: /var/run/ovn
-             - name: data
--              mountPath: {{ $envAll.Values.volume.ovn_ovsdb_sb.path }}
-+              mountPath: /etc/ovn
-       volumes:
-         - name: run-openvswitch
-           hostPath:
-             path: /run/openvswitch
-             type: DirectoryOrCreate
--        - name: ovn-bin
--          configMap:
--            name: ovn-bin
--            defaultMode: 0555
- {{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
-         - name: data
-           emptyDir: {}
-@@ -95,10 +122,10 @@ spec:
-         name: data
-       spec:
-         accessModes: ["ReadWriteOnce"]
-+        storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
-         resources:
-           requests:
-             storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }}
--        storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
- {{- end }}
- 
- {{- end }}
-diff --git a/ovn/values.yaml b/ovn/values.yaml
-index a18184ab..b07a0f5a 100644
---- a/ovn/values.yaml
-+++ b/ovn/values.yaml
-@@ -51,12 +51,10 @@ labels:
- 
- volume:
-   ovn_ovsdb_nb:
--    path: /var/lib/ovn
-     enabled: true
-     class_name: general
-     size: 5Gi
-   ovn_ovsdb_sb:
--    path: /var/lib/ovn
-     enabled: true
-     class_name: general
-     size: 5Gi
-@@ -76,6 +74,8 @@ conf:
-   ovn_encap_type: geneve
-   ovn_bridge: br-int
-   ovn_bridge_mappings: external:br-ex
-+  # For DPDK enabled environments, enable netdev datapath type for br-int
-+  # ovn_bridge_datapath_type: netdev
- 
-   # auto_bridge_add:
-   #   br-private: eth0
-@@ -135,13 +135,41 @@ pod:
-         readiness:
-           enabled: true
-           params:
--            initialDelaySeconds: 5
--            timeoutSeconds: 10
--        liveness:
-+            initialDelaySeconds: 30
-+            timeoutSeconds: 30
-+            periodSeconds: 60
-+    ovn_ovsdb_nb:
-+      ovsdb:
-+        readiness:
-+          enabled: true
-+          params:
-+            initialDelaySeconds: 30
-+            timeoutSeconds: 30
-+            periodSeconds: 60
-+    ovn_ovsdb_sb:
-+      ovsdb:
-+        readiness:
-+          enabled: true
-+          params:
-+            initialDelaySeconds: 30
-+            timeoutSeconds: 30
-+            periodSeconds: 60
-+    ovn_controller:
-+      controller:
-+        readiness:
-+          enabled: true
-+          params:
-+            initialDelaySeconds: 30
-+            timeoutSeconds: 30
-+            periodSeconds: 60
-+    ovn_controller_gw:
-+      controller:
-+        readiness:
-           enabled: true
-           params:
--            initialDelaySeconds: 5
--            timeoutSeconds: 10
-+            initialDelaySeconds: 30
-+            timeoutSeconds: 30
-+            periodSeconds: 60
-   dns_policy: "ClusterFirstWithHostNet"
-   replicas:
-     ovn_ovsdb_nb: 1
-@@ -176,18 +204,18 @@ pod:
-     ovs:
-       ovn_ovsdb_nb:
-         requests:
--          memory: "128Mi"
-+          memory: "384Mi"
-           cpu: "100m"
-         limits:
-           memory: "1024Mi"
--          cpu: "2000m"
-+          cpu: "1000m"
-       ovn_ovsdb_sb:
-         requests:
--          memory: "128Mi"
-+          memory: "384Mi"
-           cpu: "100m"
-         limits:
-           memory: "1024Mi"
--          cpu: "2000m"
-+          cpu: "1000m"
-       ovn_northd:
-         requests:
-           memory: "128Mi"
-diff --git b/ovn/templates/bin/_ovn-controller.sh.tpl a/charts/ovn/templates/bin/_ovn-controller.sh.tpl
-deleted file mode 100644
-index ecb659d2..00000000
---- b/ovn/templates/bin/_ovn-controller.sh.tpl
-+++ /dev/null
-@@ -1,39 +0,0 @@
--#!/bin/bash -xe
--
--# Copyright 2023 VEXXHOST, Inc.
--#
--# Licensed under the Apache License, Version 2.0 (the "License");
--# you may not use this file except in compliance with the License.
--# You may obtain a copy of the License at
--#
--#    http://www.apache.org/licenses/LICENSE-2.0
--#
--# Unless required by applicable law or agreed to in writing, software
--# distributed under the License is distributed on an "AS IS" BASIS,
--# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--# See the License for the specific language governing permissions and
--# limitations under the License.
--
--COMMAND="${@:-start}"
--
--function start () {
--  /usr/share/ovn/scripts/ovn-ctl start_controller \
--    --ovn-manage-ovsdb=no
--
--  tail --follow=name /var/log/ovn/ovn-controller.log
--}
--
--function stop () {
--  /usr/share/ovn/scripts/ovn-ctl stop_controller
--  pkill tail
--}
--
--function liveness () {
--  ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
--}
--
--function readiness () {
--  ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
--}
--
--$COMMAND
-diff --git b/ovn/templates/bin/_ovn-northd.sh.tpl a/charts/ovn/templates/bin/_ovn-northd.sh.tpl
-deleted file mode 100644
-index fefd793c..00000000
---- b/ovn/templates/bin/_ovn-northd.sh.tpl
-+++ /dev/null
-@@ -1,57 +0,0 @@
--#!/bin/bash -xe
--
--# Copyright 2023 VEXXHOST, Inc.
--#
--# Licensed under the Apache License, Version 2.0 (the "License");
--# you may not use this file except in compliance with the License.
--# You may obtain a copy of the License at
--#
--#    http://www.apache.org/licenses/LICENSE-2.0
--#
--# Unless required by applicable law or agreed to in writing, software
--# distributed under the License is distributed on an "AS IS" BASIS,
--# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--# See the License for the specific language governing permissions and
--# limitations under the License.
--
--COMMAND="${@:-start}"
--
--{{- $nb_svc_name := "ovn-ovsdb-nb" -}}
--{{- $nb_svc := (tuple $nb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
--{{- $nb_port := (tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
--{{- $nb_service_list := list -}}
--{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_nb | int) -}}
--  {{- $nb_service_list = printf "tcp:%s-%d.%s:%s" $nb_svc_name $i $nb_svc $nb_port | append $nb_service_list -}}
--{{- end -}}
--
--{{- $sb_svc_name := "ovn-ovsdb-sb" -}}
--{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
--{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
--{{- $sb_service_list := list -}}
--{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}}
--  {{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}}
--{{- end }}
--
--function start () {
--  /usr/share/ovn/scripts/ovn-ctl start_northd \
--    --ovn-manage-ovsdb=no \
--    --ovn-northd-nb-db={{ include "helm-toolkit.utils.joinListWithComma" $nb_service_list }} \
--    --ovn-northd-sb-db={{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }}
--
--  tail --follow=name /var/log/ovn/ovn-northd.log
--}
--
--function stop () {
--  /usr/share/ovn/scripts/ovn-ctl stop_northd
--  pkill tail
--}
--
--function liveness () {
--  ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
--}
--
--function readiness () {
--  ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
--}
--
--$COMMAND
-diff --git b/ovn/templates/bin/_ovsdb-server.sh.tpl a/charts/ovn/templates/bin/_ovsdb-server.sh.tpl
-deleted file mode 100644
-index e023505b..00000000
---- b/ovn/templates/bin/_ovsdb-server.sh.tpl
-+++ /dev/null
-@@ -1,72 +0,0 @@
--#!/bin/bash -xe
--
--# Copyright 2023 VEXXHOST, Inc.
--#
--# Licensed under the Apache License, Version 2.0 (the "License");
--# you may not use this file except in compliance with the License.
--# You may obtain a copy of the License at
--#
--#    http://www.apache.org/licenses/LICENSE-2.0
--#
--# Unless required by applicable law or agreed to in writing, software
--# distributed under the License is distributed on an "AS IS" BASIS,
--# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--# See the License for the specific language governing permissions and
--# limitations under the License.
--
--COMMAND="${@:-start}"
--
--OVSDB_HOST=$(hostname -f)
--ARGS=(
--  --db-${OVS_DATABASE}-create-insecure-remote=yes
--  --db-${OVS_DATABASE}-cluster-local-proto=tcp
--  --db-${OVS_DATABASE}-cluster-local-addr=$(hostname -f)
--)
--
--if [[ ! $HOSTNAME == *-0 && $OVSDB_HOST =~ (.+)-([0-9]+)\. ]]; then
--  OVSDB_BOOTSTRAP_HOST="${BASH_REMATCH[1]}-0.${OVSDB_HOST#*.}"
--
--  ARGS+=(
--    --db-${OVS_DATABASE}-cluster-remote-proto=tcp
--    --db-${OVS_DATABASE}-cluster-remote-addr=${OVSDB_BOOTSTRAP_HOST}
--  )
--fi
--
--function start () {
--  /usr/share/ovn/scripts/ovn-ctl start_${OVS_DATABASE}_ovsdb ${ARGS[@]}
--
--  tail --follow=name /var/log/ovn/ovsdb-server-${OVS_DATABASE}.log
--}
--
--function stop () {
--  /usr/share/ovn/scripts/ovn-ctl stop_${OVS_DATABASE}_ovsdb
--  pkill tail
--}
--
--function liveness () {
--  if [[ $OVS_DATABASE == "nb" ]]; then
--    OVN_DATABASE="Northbound"
--  elif [[ $OVS_DATABASE == "sb" ]]; then
--    OVN_DATABASE="Southbound"
--  else
--    echo "OVS_DATABASE must be nb or sb"
--    exit 1
--  fi
--
--  ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
--}
--
--function readiness () {
--  if [[ $OVS_DATABASE == "nb" ]]; then
--    OVN_DATABASE="Northbound"
--  elif [[ $OVS_DATABASE == "sb" ]]; then
--    OVN_DATABASE="Southbound"
--  else
--    echo "OVS_DATABASE must be nb or sb"
--    exit 1
--  fi
--
--  ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
--}
--
--$COMMAND
diff --git a/charts/patches/ovn/0001-update-annotation-key.patch b/charts/patches/ovn/0001-update-annotation-key.patch
new file mode 100644
index 0000000..541fecf
--- /dev/null
+++ b/charts/patches/ovn/0001-update-annotation-key.patch
@@ -0,0 +1,35 @@
+From c4a752118fe027f1839da42842c9e23ea125daf7 Mon Sep 17 00:00:00 2001
+From: ricolin <rlin@vexxhost.com>
+Date: Wed, 13 Nov 2024 17:01:30 +0800
+Subject: [PATCH] update annotation key
+
+Change-Id: Icc34433a9ce4614460be02b4671d9b7c8767eeed
+---
+ ovn/templates/bin/_ovn-controller-init.sh.tpl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+index 357c069d..1d303c8d 100644
+--- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
++++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+@@ -14,7 +14,7 @@
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ 
+-ANNOTATION_KEY="openstack-helm-infra/ovn-system-id"
++ANNOTATION_KEY="atmosphere.cloud/ovn-system-id"
+ 
+ function get_ip_address_from_interface {
+   local interface=$1
+@@ -82,7 +82,7 @@ function get_current_system_id {
+ }
+ 
+ function get_stored_system_id {
+-  kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.openstack-helm-infra/ovn-system-id}"
++  kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.atmosphere\.cloud/ovn-system-id}"
+ }
+ 
+ function store_system_id() {
+-- 
+2.25.1
+
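Review bot: The annotation key is now spelled in two places in this carried patch: `ANNOTATION_KEY` near the top of `_ovn-controller-init.sh.tpl`, and the literal jsonpath in `get_stored_system_id`, where the dot has to be escaped. A later rename that touches only one of them would make the lookup read a different annotation from the one named in `ANNOTATION_KEY`, with nothing failing loudly. I would add a comment above the kubectl line, `# Must match ANNOTATION_KEY; dots in the key are escaped for jsonpath`. Separately, if nodes in an existing deployment were annotated under `openstack-helm-infra/ovn-system-id`, the lookup under the new key would presumably come back empty. What the script does in that case, and how `store_system_id` uses the key, lie outside these nested hunks, so it is worth confirming that an upgrade keeps each node's OVN system-id stable.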
diff --git a/charts/patches/ovn/0002-add-logging-parser.patch b/charts/patches/ovn/0002-add-logging-parser.patch
deleted file mode 100644
index 376a924..0000000
--- a/charts/patches/ovn/0002-add-logging-parser.patch
+++ /dev/null
@@ -1,316 +0,0 @@
-diff --git a/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl b/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl
-new file mode 100644
-index 00000000..06eaaa7f
---- /dev/null
-+++ b/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl
-@@ -0,0 +1,28 @@
-+#!/bin/bash
-+
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+set -ex
-+COMMAND="${@:-start}"
-+
-+function start () {
-+  exec uwsgi --ini /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
-+}
-+
-+function stop () {
-+  kill -TERM 1
-+}
-+
-+$COMMAND
-diff --git a/ovn/templates/configmap-bin.yaml b/ovn/templates/configmap-bin.yaml
-index 82001f99..77547470 100644
---- a/ovn/templates/configmap-bin.yaml
-+++ b/ovn/templates/configmap-bin.yaml
-@@ -26,4 +26,6 @@ data:
- {{- end }}
-   ovn-controller-init.sh: |
- {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-+  ovn-network-logging-parser.sh: |
-+{{ tuple "bin/_ovn-network-logging-parser.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- {{- end }}
-diff --git a/ovn/templates/configmap-etc.yaml b/ovn/templates/configmap-etc.yaml
-index 47b84be8..0d221f19 100644
---- a/ovn/templates/configmap-etc.yaml
-+++ b/ovn/templates/configmap-etc.yaml
-@@ -17,6 +17,12 @@ limitations under the License.
- {{- $envAll := index . 1 }}
- {{- with $envAll }}
- 
-+{{- if empty (index .Values.conf.ovn_network_logging_parser_uwsgi.uwsgi "http-socket") -}}
-+{{- $http_socket_port := tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
-+{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $_ := set .Values.conf.ovn_network_logging_parser_uwsgi.uwsgi "http-socket" $http_socket -}}
-+{{- end -}}
-+
- ---
- apiVersion: v1
- kind: Secret
-@@ -25,7 +31,7 @@ metadata:
- type: Opaque
- data:
-   auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }}
--
-+  neutron-ovn-network-logging-parser-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ovn_network_logging_parser_uwsgi | b64enc }}
- {{- end }}
- {{- end }}
- 
-diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
-index 6c240213..82b70f78 100644
---- a/ovn/templates/daemonset-controller.yaml
-+++ b/ovn/templates/daemonset-controller.yaml
-@@ -156,6 +156,52 @@ spec:
-               mountPath: /var/log/ovn
-             - name: run-openvswitch
-               mountPath: /run/ovn
-+        {{- if .Values.pod.sidecars.vector }}
-+        - name: vector
-+{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
-+{{ tuple $envAll $envAll.Values.pod.resources.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-+          command:
-+            - vector
-+            - --config
-+            - /etc/vector/vector.toml
-+          volumeMounts:
-+            - name: vector-config
-+              mountPath: /etc/vector
-+            - name: logs
-+              mountPath: /logs
-+            - name: vector-data
-+              mountPath: /var/lib/vector
-+        {{- end }}
-+        {{- if .Values.pod.sidecars.ovn_logging_parser }}
-+        - name: log-parser
-+{{ tuple $envAll "ovn_logging_parser" | include "helm-toolkit.snippets.image" | indent 10 }}
-+{{ tuple $envAll $envAll.Values.pod.resources.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-+          command:
-+            - /tmp/ovn-network-logging-parser.sh
-+            - start
-+          env:
-+            - name: VECTOR_HTTP_ENDPOINT
-+              value: http://localhost:5001
-+          ports:
-+            - name: http
-+              containerPort: {{ tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-+              protocol: TCP
-+          volumeMounts:
-+            - name: neutron-etc
-+              mountPath: /etc/neutron/neutron.conf
-+              subPath: neutron.conf
-+              readOnly: true
-+            - name: ovn-bin
-+              mountPath: /tmp/ovn-network-logging-parser.sh
-+              subPath: ovn-network-logging-parser.sh
-+              readOnly: true
-+            - name: ovn-etc
-+              mountPath: /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
-+              subPath: neutron-ovn-network-logging-parser-uwsgi.ini
-+              readOnly: true
-+        {{- end }}
-       volumes:
-         - name: ovn-bin
-           configMap:
-@@ -179,4 +225,17 @@ spec:
-             type: DirectoryOrCreate
-         - name: gw-enabled
-           emptyDir: {}
-+        {{- if .Values.pod.sidecars.vector }}
-+        - name: vector-config
-+          secret:
-+            secretName: ovn-vector-config
-+        - name: vector-data
-+          emptyDir: {}
-+        {{- end }}
-+        {{- if .Values.pod.sidecars.ovn_logging_parser }}
-+        - name: neutron-etc
-+          secret:
-+            secretName: neutron-etc
-+            defaultMode: 0444
-+        {{- end }}
- {{- end }}
-diff --git a/ovn/templates/secret-vector.yaml b/ovn/templates/secret-vector.yaml
-new file mode 100644
-index 00000000..989f3afa
---- /dev/null
-+++ b/ovn/templates/secret-vector.yaml
-@@ -0,0 +1,26 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.pod.sidecars.vector }}
-+{{- $envAll := . }}
-+
-+---
-+apiVersion: v1
-+kind: Secret
-+metadata:
-+  name: ovn-vector-config
-+type: Opaque
-+data:
-+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.vector "key" "vector.toml" "format" "Secret" ) | indent 2 }}
-+{{- end }}
-diff --git a/ovn/values.yaml b/ovn/values.yaml
-index 8459e33a..3ffdecec 100644
---- a/ovn/values.yaml
-+++ b/ovn/values.yaml
-@@ -27,6 +27,8 @@ images:
-     ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
-     image_repo_sync: docker.io/library/docker:17.07.0
-+    vector: docker.io/timberio/vector:0.39.0-debian
-+    ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
-   pull_policy: "IfNotPresent"
-   local_registry:
-     active: false
-@@ -83,6 +85,56 @@ conf:
-   #   br-public: eth1
-   auto_bridge_add: {}
- 
-+  ovn_network_logging_parser_uwsgi:
-+    uwsgi:
-+      add-header: "Connection: close"
-+      buffer-size: 65535
-+      die-on-term: true
-+      enable-threads: true
-+      exit-on-reload: false
-+      hook-master-start: unix_signal:15 gracefully_kill_them_all
-+      lazy-apps: true
-+      log-x-forwarded-for: true
-+      master: true
-+      processes: 1
-+      procname-prefix-spaced: "neutron-ovn-network-logging-parser:"
-+      route-user-agent: '^kube-probe.* donotlog:'
-+      thunder-lock: true
-+      worker-reload-mercy: 80
-+      wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
-+  vector: |
-+    [sources.file_logs]
-+    type = "file"
-+    include = [ "/logs/ovn-controller.log" ]
-+
-+    [sinks.ovn_log_parser_in]
-+    type = "http"
-+    inputs = ["file_logs"]
-+    uri = "{{ tuple "ovn_logging_parser" "default" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}"
-+    encoding.codec = "json"
-+    method = "post"
-+
-+    [sources.ovn_log_parser_out]
-+    type = "http_server"
-+    address = "0.0.0.0:5001"
-+    encoding = "json"
-+
-+    [transforms.parse_log_message]
-+    type = "remap"
-+    inputs = ["ovn_log_parser_out"]
-+    source = '''
-+      del(.source_type)
-+      del(.path)
-+    '''
-+
-+    [sinks.loki_sink]
-+    type = "loki"
-+    labels.event_source = "network_logs"
-+    inputs = ["parse_log_message"]
-+    endpoint = "http://loki.monitoring:3100"
-+    encoding.codec = "json"
-+    tenant_id = "{{`{{ project_id }}`}}"
-+
- pod:
-   # NOTE: should be same as nova.pod.use_fqdn.compute
-   use_fqdn:
-@@ -102,6 +154,12 @@ pod:
-         controller:
-           readOnlyRootFilesystem: true
-           privileged: true
-+        ovn_logging_parser:
-+          allowPrivilegeEscalation: false
-+          readOnlyRootFilesystem: true
-+        vector:
-+          allowPrivilegeEscalation: false
-+          readOnlyRootFilesystem: true
-   tolerations:
-     ovn_ovsdb_nb:
-       enabled: false
-@@ -217,6 +275,20 @@ pod:
-         limits:
-           memory: "1024Mi"
-           cpu: "2000m"
-+    ovn_logging_parser:
-+      requests:
-+        memory: "128Mi"
-+        cpu: "100m"
-+      limits:
-+        memory: "256Mi"
-+        cpu: "500m"
-+    vector:
-+      requests:
-+        memory: "128Mi"
-+        cpu: "100m"
-+      limits:
-+        memory: "256Mi"
-+        cpu: "500m"
-     jobs:
-       image_repo_sync:
-         requests:
-@@ -226,6 +298,10 @@ pod:
-           memory: "1024Mi"
-           cpu: "2000m"
- 
-+  sidecars:
-+    ovn_logging_parser: false
-+    vector: false
-+
- secrets:
-   oci_image_registry:
-     ovn: ovn-oci-image-registry-key
-@@ -284,6 +360,22 @@ endpoints:
-         default: 6642
-       raft:
-         default: 6644
-+  ovn_logging_parser:
-+    name: ovn-logging-parser
-+    namespace: null
-+    hosts:
-+      default: localhost
-+    host_fqdn_override:
-+      default: localhost
-+    scheme:
-+      default: 'http'
-+      service: 'http'
-+    path:
-+      default: "/logs"
-+    port:
-+      api:
-+        default: 9697
-+        service: 9697
- 
- network_policy:
-   ovn_ovsdb_nb: