[stable/zed] [ATMOSPHERE-594] Sync OVN charts (#2312)
This is an automated cherry-pick of #2129
/assign mnaser
diff --git a/.charts.yml b/.charts.yml
index c01daa5..cb5ebe3 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -164,13 +164,14 @@
repository: *openstack_helm_infra_repository
dependencies: *openstack_helm_dependencies
- name: ovn
- version: 0.1.13
+ version: 0.1.15
repository: *openstack_helm_infra_repository
dependencies: *openstack_helm_dependencies
patches:
gerrit:
review.opendev.org:
- - 933333
+ - 934929
+ - 934931
- name: placement
version: 0.3.9
repository: *openstack_helm_repository
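Review bot: The replacement entries `934929` and `934931` under `review.opendev.org` identify Gerrit changes by number only, with no patchset or commit hash beside them. If the chart sync tooling resolves a change number to its latest patchset (the tooling is not visible in this hunk), a later re-sync could pull different content from what was reviewed here. The vendored `charts/ovn` files in this commit are what actually ships, so confirm that CI regenerates the chart and fails on any drift from the committed copy.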
diff --git a/charts/ovn/Chart.yaml b/charts/ovn/Chart.yaml
index 00f498b..89f34fd 100644
--- a/charts/ovn/Chart.yaml
+++ b/charts/ovn/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://github.com/ovn-org/ovn
- https://opendev.org/openstack/openstack-helm
-version: 0.1.13
+version: 0.1.15
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index 82b70f7..3c2933f 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -128,7 +128,7 @@
containers:
- name: controller
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /root/ovnkube.sh
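Review bot: The `controller` container now reads its resources from `pod.resources.ovn_controller`, so an operator override still written under the old `pod.resources.ovs.*` nesting is silently ignored and the chart defaults apply instead. The nesting is inferred from the values.yaml hunk in this commit, where indentation is not preserved in this view. The same applies to the northd, ovsdb-nb and ovsdb-sb hunks, which switch to `ovn_northd`, `ovn_ovsdb_nb` and `ovn_ovsdb_sb`. A fail-fast guard near the top of one template would surface stale overrides at render time, for example `{{- if hasKey .Values.pod.resources "ovs" }}{{ fail "pod.resources.ovs.* moved to pod.resources.*" }}{{- end }}`. The container spec starts and ends outside this hunk, so check any other template in the chart that may still look up `pod.resources.server`.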
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index f945bb2..2dbbb68 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -59,7 +59,7 @@
- /root/ovnkube.sh
- run-ovn-northd
{{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_northd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
diff --git a/charts/ovn/templates/statefulset-ovsdb-nb.yaml b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
index 98e70ad..d19d510 100644
--- a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -71,9 +71,8 @@
- nb-ovsdb
{{- end }}
{{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_ovsdb_nb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-
ports:
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/charts/ovn/templates/statefulset-ovsdb-sb.yaml b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
index 694348b..a6180aa 100644
--- a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -71,7 +71,7 @@
- sb-ovsdb
{{- end }}
{{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_ovsdb_sb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
ports:
- containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/charts/ovn/values.yaml b/charts/ovn/values.yaml
index 3ffdece..0191c85 100644
--- a/charts/ovn/values.yaml
+++ b/charts/ovn/values.yaml
@@ -84,7 +84,6 @@
# br-private: eth0
# br-public: eth1
auto_bridge_add: {}
-
ovn_network_logging_parser_uwsgi:
uwsgi:
add-header: "Connection: close"
@@ -246,35 +245,34 @@
max_unavailable: 1
resources:
enabled: false
- ovs:
- ovn_ovsdb_nb:
- requests:
- memory: "384Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "1000m"
- ovn_ovsdb_sb:
- requests:
- memory: "384Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "1000m"
- ovn_northd:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
- ovn_controller:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
+ ovn_ovsdb_nb:
+ requests:
+ memory: "384Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "1000m"
+ ovn_ovsdb_sb:
+ requests:
+ memory: "384Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "1000m"
+ ovn_northd:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ovn_controller:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
ovn_logging_parser:
requests:
memory: "128Mi"
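Review bot: The relocated `ovn_ovsdb_nb`, `ovn_ovsdb_sb`, `ovn_northd` and `ovn_controller` entries have no comment tying them to the template lookups, and `enabled: false` just above them stays the default. Assuming the helm-toolkit resources snippet gates on that flag (it is not shown here), none of these requests or limits are rendered unless an operator enables them. The OVN databases and controllers would then run without memory or CPU bounds, which matters for availability of the network control plane under node pressure. I would add a comment above the block such as `# Read by the templates as pod.resources.<component>; only rendered when enabled is true.` and note the key move in the release notes. The `resources` mapping continues past the end of this hunk.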
diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
deleted file mode 100644
index 35719dd..0000000
--- a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
+++ /dev/null
@@ -1,941 +0,0 @@
-diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl
-index 55cc2ecb..885204a0 100644
---- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
-+++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
-@@ -14,6 +14,8 @@
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
-+ANNOTATION_KEY="atmosphere.cloud/ovn-system-id"
-+
- function get_ip_address_from_interface {
- local interface=$1
- local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
-@@ -75,6 +77,19 @@ function migrate_ip_from_nic {
- set -e
- }
-
-+function get_current_system_id {
-+ ovs-vsctl --if-exists get Open_vSwitch . external_ids:system-id | tr -d '"'
-+}
-+
-+function get_stored_system_id {
-+ kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.atmosphere\.cloud/ovn-system-id}"
-+}
-+
-+function store_system_id() {
-+ local system_id=$1
-+ kubectl annotate node "$NODE_NAME" "$ANNOTATION_KEY=$system_id"
-+}
-+
- # Detect tunnel interface
- tunnel_interface="{{- .Values.network.interface.tunnel -}}"
- if [ -z "${tunnel_interface}" ] ; then
-@@ -89,13 +104,25 @@ if [ -z "${tunnel_interface}" ] ; then
- fi
- ovs-vsctl set open . external_ids:ovn-encap-ip="$(get_ip_address_from_interface ${tunnel_interface})"
-
--# Configure system ID
--set +e
--ovs-vsctl get open . external-ids:system-id
--if [ $? -eq 1 ]; then
-- ovs-vsctl set open . external-ids:system-id="$(uuidgen)"
-+# Get the stored system-id from the Kubernetes node annotation
-+stored_system_id=$(get_stored_system_id)
-+
-+# Get the current system-id set in OVS
-+current_system_id=$(get_current_system_id)
-+
-+if [ -n "$stored_system_id" ] && [ "$stored_system_id" != "$current_system_id" ]; then
-+ # If the annotation exists and does not match the current system-id, set the system-id to the stored one
-+ ovs-vsctl set Open_vSwitch . external_ids:system-id="$stored_system_id"
-+elif [ -z "$current_system_id" ]; then
-+ # If no current system-id is set, generate a new one
-+ current_system_id=$(uuidgen)
-+ ovs-vsctl set Open_vSwitch . external_ids:system-id="$current_system_id"
-+ # Store the new system-id in the Kubernetes node annotation
-+ store_system_id "$current_system_id"
-+elif [ -z "$stored_system_id" ]; then
-+ # If there is no stored system-id, store the current one
-+ store_system_id "$current_system_id"
- fi
--set -e
-
- # Configure OVN remote
- {{- if empty .Values.conf.ovn_remote -}}
-@@ -125,6 +152,10 @@ else
- ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
- fi
-
-+{{ if .Values.conf.ovn_bridge_datapath_type -}}
-+ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
-+{{- end }}
-+
- # Configure hostname
- {{- if .Values.pod.use_fqdn.compute }}
- ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
-diff --git a/ovn/templates/clusterrole-controller.yaml b/ovn/templates/clusterrole-controller.yaml
-new file mode 100644
-index 00000000..8291f65a
---- /dev/null
-+++ b/ovn/templates/clusterrole-controller.yaml
-@@ -0,0 +1,12 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRole
-+metadata:
-+ name: ovn-controller
-+rules:
-+- apiGroups:
-+ - ""
-+ resources:
-+ - nodes
-+ verbs:
-+ - get
-+ - patch
-diff --git a/ovn/templates/clusterrolebinding-controller.yaml b/ovn/templates/clusterrolebinding-controller.yaml
-new file mode 100644
-index 00000000..c95ef5e9
---- /dev/null
-+++ b/ovn/templates/clusterrolebinding-controller.yaml
-@@ -0,0 +1,15 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRoleBinding
-+metadata:
-+ name: ovn-controller
-+roleRef:
-+ apiGroup: rbac.authorization.k8s.io
-+ kind: ClusterRole
-+ name: ovn-controller
-+subjects:
-+- kind: ServiceAccount
-+ name: ovn-controller
-+ namespace: {{ .Release.Namespace }}
-+- kind: ServiceAccount
-+ name: ovn-controller-gw
-+ namespace: {{ .Release.Namespace }}
-diff --git a/ovn/templates/configmap-bin.yaml b/ovn/templates/configmap-bin.yaml
-index a849dd8a..82001f99 100644
---- a/ovn/templates/configmap-bin.yaml
-+++ b/ovn/templates/configmap-bin.yaml
-@@ -24,12 +24,6 @@ data:
- image-repo-sync.sh: |
- {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
- {{- end }}
-- ovsdb-server.sh: |
--{{ tuple "bin/_ovsdb-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-- ovn-northd.sh: |
--{{ tuple "bin/_ovn-northd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- ovn-controller-init.sh: |
- {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-- ovn-controller.sh: |
--{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- {{- end }}
-diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
-index 4cd5d9b2..fae94512 100644
---- a/ovn/templates/daemonset-controller.yaml
-+++ b/ovn/templates/daemonset-controller.yaml
-@@ -12,6 +12,15 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
-
-+{{- define "controllerReadinessProbeTemplate" }}
-+exec:
-+ command:
-+ - /usr/bin/ovn-kube-util
-+ - readiness-probe
-+ - -t
-+ - ovn-controller
-+{{- end }}
-+
- {{- if .Values.manifests.daemonset_ovn_controller }}
- {{- $envAll := . }}
-
-@@ -106,6 +106,11 @@ spec:
- {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
- command:
- - /tmp/ovn-controller-init.sh
-+ env:
-+ - name: NODE_NAME
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: spec.nodeName
- volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovn-controller-init.sh
-@@ -117,17 +122,23 @@ spec:
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
-- - /tmp/ovn-controller.sh
-- - start
-- lifecycle:
-- preStop:
-- exec:
-- command:
-- - /tmp/ovn-controller.sh
-- - stop
-+ - /root/ovnkube.sh
-+ - ovn-controller
-+{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+ env:
-+ - name: OVN_DAEMONSET_VERSION
-+ value: "3"
-+ - name: OVN_LOGLEVEL_CONTROLLER
-+ value: "-vconsole:info -vfile:info"
-+ - name: OVN_KUBERNETES_NAMESPACE
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: metadata.namespace
-+ - name: OVN_KUBERNETES_NB_STATEFULSET
-+ value: ovn-ovsdb-nb
-+ - name: OVN_KUBERNETES_SB_STATEFULSET
-+ value: ovn-ovsdb-sb
-+ - name: OVN_SSL_ENABLE
-+ value: "no"
- volumeMounts:
-- - name: ovn-bin
-- mountPath: /tmp/ovn-controller.sh
-- subPath: ovn-controller.sh
-- readOnly: true
- - name: run-openvswitch
-@@ -154,7 +154,7 @@ spec:
- mountPath: /run/openvswitch
- - name: logs
- mountPath: /var/log/ovn
-- - name: run-ovn
-+ - name: run-openvswitch
- mountPath: /run/ovn
- {{- if .Values.pod.sidecars.vector }}
- - name: vector
-diff --git a/ovn/templates/deployment-northd.yaml b/ovn/templates/deployment-northd.yaml
-index e3afdd05..ae31b357 100644
---- a/ovn/templates/deployment-northd.yaml
-+++ b/ovn/templates/deployment-northd.yaml
-@@ -12,18 +12,13 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
-
--{{- define "livenessProbeTemplate" }}
-+{{- define "northdReadinessProbeTemplate" }}
- exec:
- command:
-- - /tmp/ovn-northd.sh
-- - liveness
--{{- end }}
--
--{{- define "readinessProbeTemplate" }}
--exec:
-- command:
-- - /tmp/ovn-northd.sh
-- - readiness
-+ - /usr/bin/ovn-kube-util
-+ - readiness-probe
-+ - -t
-+ - ovn-northd
- {{- end }}
-
- {{- if .Values.manifests.deployment_northd }}
-@@ -60,28 +55,27 @@ spec:
- {{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- containers:
- - name: northd
-+ command:
-+ - /root/ovnkube.sh
-+ - run-ovn-northd
- {{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
--{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
--{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-- command:
-- - /tmp/ovn-northd.sh
-- - start
-- lifecycle:
-- preStop:
-- exec:
-- command:
-- - /tmp/ovn-northd.sh
-- - stop
-- volumeMounts:
-- - name: ovn-bin
-- mountPath: /tmp/ovn-northd.sh
-- subPath: ovn-northd.sh
-- readOnly: true
-- volumes:
-- - name: ovn-bin
-- configMap:
-- name: ovn-bin
-- defaultMode: 0555
-+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+ env:
-+ - name: OVN_DAEMONSET_VERSION
-+ value: "3"
-+ - name: OVN_LOGLEVEL_NORTHD
-+ value: "-vconsole:info -vfile:info"
-+ - name: OVN_KUBERNETES_NAMESPACE
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: metadata.namespace
-+ - name: OVN_KUBERNETES_NB_STATEFULSET
-+ value: ovn-ovsdb-nb
-+ - name: OVN_KUBERNETES_SB_STATEFULSET
-+ value: ovn-ovsdb-sb
-+ - name: OVN_SSL_ENABLE
-+ value: "no"
- {{- end }}
-diff --git a/ovn/templates/role-controller.yaml b/ovn/templates/role-controller.yaml
-new file mode 100644
-index 00000000..de3cfa6d
---- /dev/null
-+++ b/ovn/templates/role-controller.yaml
-@@ -0,0 +1,11 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: Role
-+metadata:
-+ name: ovn-controller
-+rules:
-+- apiGroups:
-+ - discovery.k8s.io
-+ resources:
-+ - endpointslices
-+ verbs:
-+ - list
-diff --git a/ovn/templates/role-northd.yaml b/ovn/templates/role-northd.yaml
-new file mode 100644
-index 00000000..ca02fae6
---- /dev/null
-+++ b/ovn/templates/role-northd.yaml
-@@ -0,0 +1,11 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: Role
-+metadata:
-+ name: ovn-northd
-+rules:
-+- apiGroups:
-+ - discovery.k8s.io
-+ resources:
-+ - endpointslices
-+ verbs:
-+ - list
-diff --git a/ovn/templates/role-ovsdb.yaml b/ovn/templates/role-ovsdb.yaml
-new file mode 100644
-index 00000000..10e0e239
---- /dev/null
-+++ b/ovn/templates/role-ovsdb.yaml
-@@ -0,0 +1,19 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: Role
-+metadata:
-+ name: ovn-ovsdb
-+rules:
-+- apiGroups:
-+ - "apps"
-+ resources:
-+ - statefulsets
-+ verbs:
-+ - get
-+- apiGroups:
-+ - ""
-+ resources:
-+ - pods
-+ - endpoints
-+ verbs:
-+ - list
-+ - get
-diff --git a/ovn/templates/rolebinding-controller.yaml b/ovn/templates/rolebinding-controller.yaml
-new file mode 100644
-index 00000000..7973c7e2
---- /dev/null
-+++ b/ovn/templates/rolebinding-controller.yaml
-@@ -0,0 +1,13 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: RoleBinding
-+metadata:
-+ name: ovn-controller
-+roleRef:
-+ apiGroup: rbac.authorization.k8s.io
-+ kind: Role
-+ name: ovn-controller
-+subjects:
-+- kind: ServiceAccount
-+ name: ovn-controller
-+- kind: ServiceAccount
-+ name: ovn-controller-gw
-diff --git a/ovn/templates/rolebinding-northd.yaml b/ovn/templates/rolebinding-northd.yaml
-new file mode 100644
-index 00000000..428a4707
---- /dev/null
-+++ b/ovn/templates/rolebinding-northd.yaml
-@@ -0,0 +1,11 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: RoleBinding
-+metadata:
-+ name: ovn-northd
-+roleRef:
-+ apiGroup: rbac.authorization.k8s.io
-+ kind: Role
-+ name: ovn-northd
-+subjects:
-+- kind: ServiceAccount
-+ name: ovn-northd
-diff --git a/ovn/templates/rolebinding-ovsdb.yaml b/ovn/templates/rolebinding-ovsdb.yaml
-new file mode 100644
-index 00000000..f32382bc
---- /dev/null
-+++ b/ovn/templates/rolebinding-ovsdb.yaml
-@@ -0,0 +1,13 @@
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: RoleBinding
-+metadata:
-+ name: ovn-ovsdb
-+roleRef:
-+ apiGroup: rbac.authorization.k8s.io
-+ kind: Role
-+ name: ovn-ovsdb
-+subjects:
-+- kind: ServiceAccount
-+ name: ovn-ovsdb-nb
-+- kind: ServiceAccount
-+ name: ovn-ovsdb-sb
-diff --git a/ovn/templates/service-ovsdb-nb.yaml b/ovn/templates/service-ovsdb-nb.yaml
-index b93da9b8..56f7cd09 100644
---- a/ovn/templates/service-ovsdb-nb.yaml
-+++ b/ovn/templates/service-ovsdb-nb.yaml
-@@ -20,6 +20,7 @@ kind: Service
- metadata:
- name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- spec:
-+ publishNotReadyAddresses: true
- ports:
- - name: ovsdb
- port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-diff --git a/ovn/templates/service-ovsdb-sb.yaml b/ovn/templates/service-ovsdb-sb.yaml
-index 70f62c6e..4a6b5864 100644
---- a/ovn/templates/service-ovsdb-sb.yaml
-+++ b/ovn/templates/service-ovsdb-sb.yaml
-@@ -20,6 +20,7 @@ kind: Service
- metadata:
- name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- spec:
-+ publishNotReadyAddresses: true
- ports:
- - name: ovsdb
- port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-diff --git a/ovn/templates/statefulset-ovsdb-nb.yaml b/ovn/templates/statefulset-ovsdb-nb.yaml
-index 04958165..98e70ada 100644
---- a/ovn/templates/statefulset-ovsdb-nb.yaml
-+++ b/ovn/templates/statefulset-ovsdb-nb.yaml
-@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
-
-+{{- define "ovnnbReadinessProbeTemplate" }}
-+exec:
-+ command:
-+ - /usr/bin/ovn-kube-util
-+ - readiness-probe
-+ - -t
-+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
-+ - ovnnb-db-raft
-+{{- else }}
-+ - ovnnb-db
-+{{- end }}
-+{{- end }}
-+
- {{- if .Values.manifests.statefulset_ovn_ovsdb_nb }}
- {{- $envAll := . }}
-
-@@ -28,6 +41,7 @@ metadata:
- {{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- spec:
- serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-+ podManagementPolicy: Parallel
- replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
- selector:
- matchLabels:
-@@ -49,43 +63,57 @@ spec:
- {{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- containers:
- - name: ovsdb
-+ command:
-+ - /root/ovnkube.sh
-+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
-+ - nb-ovsdb-raft
-+{{- else }}
-+ - nb-ovsdb
-+{{- end }}
- {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+
- ports:
- - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- env:
-- - name: OVS_DATABASE
-- value: nb
-- - name: OVS_PORT
-+ - name: OVN_DAEMONSET_VERSION
-+ value: "3"
-+ - name: OVN_LOGLEVEL_NB
-+ value: "-vconsole:info -vfile:info"
-+ - name: OVN_KUBERNETES_NAMESPACE
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: metadata.namespace
-+ - name: OVN_KUBERNETES_STATEFULSET
-+ value: ovn-ovsdb-nb
-+ - name: POD_NAME
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: metadata.name
-+ - name: OVN_SSL_ENABLE
-+ value: "no"
-+ - name: ENABLE_IPSEC
-+ value: "false"
-+ - name: OVN_NB_RAFT_ELECTION_TIMER
-+ value: "1000"
-+ - name: OVN_NB_PORT
- value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
-- command:
-- - /tmp/ovsdb-server.sh
-- - start
-- lifecycle:
-- preStop:
-- exec:
-- command:
-- - /tmp/ovsdb-server.sh
-- - stop
-+ - name: OVN_NB_RAFT_PORT
-+ value: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- volumeMounts:
-- - name: ovn-bin
-- mountPath: /tmp/ovsdb-server.sh
-- subPath: ovsdb-server.sh
-- readOnly: true
- - name: run-openvswitch
-- mountPath: /run/openvswitch
-+ mountPath: /var/run/openvswitch
-+ - name: run-openvswitch
-+ mountPath: /var/run/ovn
- - name: data
-- mountPath: {{ $envAll.Values.volume.ovn_ovsdb_nb.path }}
-+ mountPath: /etc/ovn
- volumes:
- - name: run-openvswitch
- hostPath:
- path: /run/openvswitch
- type: DirectoryOrCreate
-- - name: ovn-bin
-- configMap:
-- name: ovn-bin
-- defaultMode: 0555
- {{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
- - name: data
- emptyDir: {}
-diff --git a/ovn/templates/statefulset-ovsdb-sb.yaml b/ovn/templates/statefulset-ovsdb-sb.yaml
-index 9e7b6670..694348b2 100644
---- a/ovn/templates/statefulset-ovsdb-sb.yaml
-+++ b/ovn/templates/statefulset-ovsdb-sb.yaml
-@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
-
-+{{- define "ovnsbReadinessProbeTemplate" }}
-+exec:
-+ command:
-+ - /usr/bin/ovn-kube-util
-+ - readiness-probe
-+ - -t
-+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
-+ - ovnsb-db-raft
-+{{- else }}
-+ - ovnsb-db
-+{{- end }}
-+{{- end }}
-+
- {{- if .Values.manifests.statefulset_ovn_ovsdb_sb }}
- {{- $envAll := . }}
-
-@@ -28,6 +41,7 @@ metadata:
- {{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- spec:
- serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-+ podManagementPolicy: Parallel
- replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
- selector:
- matchLabels:
-@@ -49,43 +63,56 @@ spec:
- {{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- containers:
- - name: ovsdb
-+ command:
-+ - /root/ovnkube.sh
-+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
-+ - sb-ovsdb-raft
-+{{- else }}
-+ - sb-ovsdb
-+{{- end }}
- {{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
- ports:
- - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- env:
-- - name: OVS_DATABASE
-- value: sb
-- - name: OVS_PORT
-+ - name: OVN_DAEMONSET_VERSION
-+ value: "3"
-+ - name: OVN_LOGLEVEL_SB
-+ value: "-vconsole:info -vfile:info"
-+ - name: OVN_KUBERNETES_NAMESPACE
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: metadata.namespace
-+ - name: OVN_KUBERNETES_STATEFULSET
-+ value: ovn-ovsdb-sb
-+ - name: POD_NAME
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: metadata.name
-+ - name: OVN_SSL_ENABLE
-+ value: "no"
-+ - name: ENABLE_IPSEC
-+ value: "false"
-+ - name: OVN_SB_RAFT_ELECTION_TIMER
-+ value: "1000"
-+ - name: OVN_SB_PORT
- value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
-- command:
-- - /tmp/ovsdb-server.sh
-- - start
-- lifecycle:
-- preStop:
-- exec:
-- command:
-- - /tmp/ovsdb-server.sh
-- - stop
-+ - name: OVN_SB_RAFT_PORT
-+ value: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- volumeMounts:
-- - name: ovn-bin
-- mountPath: /tmp/ovsdb-server.sh
-- subPath: ovsdb-server.sh
-- readOnly: true
- - name: run-openvswitch
-- mountPath: /run/openvswitch
-+ mountPath: /var/run/openvswitch
-+ - name: run-openvswitch
-+ mountPath: /var/run/ovn
- - name: data
-- mountPath: {{ $envAll.Values.volume.ovn_ovsdb_sb.path }}
-+ mountPath: /etc/ovn
- volumes:
- - name: run-openvswitch
- hostPath:
- path: /run/openvswitch
- type: DirectoryOrCreate
-- - name: ovn-bin
-- configMap:
-- name: ovn-bin
-- defaultMode: 0555
- {{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
- - name: data
- emptyDir: {}
-@@ -95,10 +122,10 @@ spec:
- name: data
- spec:
- accessModes: ["ReadWriteOnce"]
-+ storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
- resources:
- requests:
- storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }}
-- storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
- {{- end }}
-
- {{- end }}
-diff --git a/ovn/values.yaml b/ovn/values.yaml
-index a18184ab..b07a0f5a 100644
---- a/ovn/values.yaml
-+++ b/ovn/values.yaml
-@@ -51,12 +51,10 @@ labels:
-
- volume:
- ovn_ovsdb_nb:
-- path: /var/lib/ovn
- enabled: true
- class_name: general
- size: 5Gi
- ovn_ovsdb_sb:
-- path: /var/lib/ovn
- enabled: true
- class_name: general
- size: 5Gi
-@@ -76,6 +74,8 @@ conf:
- ovn_encap_type: geneve
- ovn_bridge: br-int
- ovn_bridge_mappings: external:br-ex
-+ # For DPDK enabled environments, enable netdev datapath type for br-int
-+ # ovn_bridge_datapath_type: netdev
-
- # auto_bridge_add:
- # br-private: eth0
-@@ -135,13 +135,41 @@ pod:
- readiness:
- enabled: true
- params:
-- initialDelaySeconds: 5
-- timeoutSeconds: 10
-- liveness:
-+ initialDelaySeconds: 30
-+ timeoutSeconds: 30
-+ periodSeconds: 60
-+ ovn_ovsdb_nb:
-+ ovsdb:
-+ readiness:
-+ enabled: true
-+ params:
-+ initialDelaySeconds: 30
-+ timeoutSeconds: 30
-+ periodSeconds: 60
-+ ovn_ovsdb_sb:
-+ ovsdb:
-+ readiness:
-+ enabled: true
-+ params:
-+ initialDelaySeconds: 30
-+ timeoutSeconds: 30
-+ periodSeconds: 60
-+ ovn_controller:
-+ controller:
-+ readiness:
-+ enabled: true
-+ params:
-+ initialDelaySeconds: 30
-+ timeoutSeconds: 30
-+ periodSeconds: 60
-+ ovn_controller_gw:
-+ controller:
-+ readiness:
- enabled: true
- params:
-- initialDelaySeconds: 5
-- timeoutSeconds: 10
-+ initialDelaySeconds: 30
-+ timeoutSeconds: 30
-+ periodSeconds: 60
- dns_policy: "ClusterFirstWithHostNet"
- replicas:
- ovn_ovsdb_nb: 1
-@@ -176,18 +204,18 @@ pod:
- ovs:
- ovn_ovsdb_nb:
- requests:
-- memory: "128Mi"
-+ memory: "384Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
-- cpu: "2000m"
-+ cpu: "1000m"
- ovn_ovsdb_sb:
- requests:
-- memory: "128Mi"
-+ memory: "384Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
-- cpu: "2000m"
-+ cpu: "1000m"
- ovn_northd:
- requests:
- memory: "128Mi"
-diff --git b/ovn/templates/bin/_ovn-controller.sh.tpl a/charts/ovn/templates/bin/_ovn-controller.sh.tpl
-deleted file mode 100644
-index ecb659d2..00000000
---- b/ovn/templates/bin/_ovn-controller.sh.tpl
-+++ /dev/null
-@@ -1,39 +0,0 @@
--#!/bin/bash -xe
--
--# Copyright 2023 VEXXHOST, Inc.
--#
--# Licensed under the Apache License, Version 2.0 (the "License");
--# you may not use this file except in compliance with the License.
--# You may obtain a copy of the License at
--#
--# http://www.apache.org/licenses/LICENSE-2.0
--#
--# Unless required by applicable law or agreed to in writing, software
--# distributed under the License is distributed on an "AS IS" BASIS,
--# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--# See the License for the specific language governing permissions and
--# limitations under the License.
--
--COMMAND="${@:-start}"
--
--function start () {
-- /usr/share/ovn/scripts/ovn-ctl start_controller \
-- --ovn-manage-ovsdb=no
--
-- tail --follow=name /var/log/ovn/ovn-controller.log
--}
--
--function stop () {
-- /usr/share/ovn/scripts/ovn-ctl stop_controller
-- pkill tail
--}
--
--function liveness () {
-- ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
--}
--
--function readiness () {
-- ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
--}
--
--$COMMAND
-diff --git b/ovn/templates/bin/_ovn-northd.sh.tpl a/charts/ovn/templates/bin/_ovn-northd.sh.tpl
-deleted file mode 100644
-index fefd793c..00000000
---- b/ovn/templates/bin/_ovn-northd.sh.tpl
-+++ /dev/null
-@@ -1,57 +0,0 @@
--#!/bin/bash -xe
--
--# Copyright 2023 VEXXHOST, Inc.
--#
--# Licensed under the Apache License, Version 2.0 (the "License");
--# you may not use this file except in compliance with the License.
--# You may obtain a copy of the License at
--#
--# http://www.apache.org/licenses/LICENSE-2.0
--#
--# Unless required by applicable law or agreed to in writing, software
--# distributed under the License is distributed on an "AS IS" BASIS,
--# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--# See the License for the specific language governing permissions and
--# limitations under the License.
--
--COMMAND="${@:-start}"
--
--{{- $nb_svc_name := "ovn-ovsdb-nb" -}}
--{{- $nb_svc := (tuple $nb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
--{{- $nb_port := (tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
--{{- $nb_service_list := list -}}
--{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_nb | int) -}}
-- {{- $nb_service_list = printf "tcp:%s-%d.%s:%s" $nb_svc_name $i $nb_svc $nb_port | append $nb_service_list -}}
--{{- end -}}
--
--{{- $sb_svc_name := "ovn-ovsdb-sb" -}}
--{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
--{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
--{{- $sb_service_list := list -}}
--{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}}
-- {{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}}
--{{- end }}
--
--function start () {
-- /usr/share/ovn/scripts/ovn-ctl start_northd \
-- --ovn-manage-ovsdb=no \
-- --ovn-northd-nb-db={{ include "helm-toolkit.utils.joinListWithComma" $nb_service_list }} \
-- --ovn-northd-sb-db={{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }}
--
-- tail --follow=name /var/log/ovn/ovn-northd.log
--}
--
--function stop () {
-- /usr/share/ovn/scripts/ovn-ctl stop_northd
-- pkill tail
--}
--
--function liveness () {
-- ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
--}
--
--function readiness () {
-- ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
--}
--
--$COMMAND
-diff --git b/ovn/templates/bin/_ovsdb-server.sh.tpl a/charts/ovn/templates/bin/_ovsdb-server.sh.tpl
-deleted file mode 100644
-index e023505b..00000000
---- b/ovn/templates/bin/_ovsdb-server.sh.tpl
-+++ /dev/null
-@@ -1,72 +0,0 @@
--#!/bin/bash -xe
--
--# Copyright 2023 VEXXHOST, Inc.
--#
--# Licensed under the Apache License, Version 2.0 (the "License");
--# you may not use this file except in compliance with the License.
--# You may obtain a copy of the License at
--#
--# http://www.apache.org/licenses/LICENSE-2.0
--#
--# Unless required by applicable law or agreed to in writing, software
--# distributed under the License is distributed on an "AS IS" BASIS,
--# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--# See the License for the specific language governing permissions and
--# limitations under the License.
--
--COMMAND="${@:-start}"
--
--OVSDB_HOST=$(hostname -f)
--ARGS=(
-- --db-${OVS_DATABASE}-create-insecure-remote=yes
-- --db-${OVS_DATABASE}-cluster-local-proto=tcp
-- --db-${OVS_DATABASE}-cluster-local-addr=$(hostname -f)
--)
--
--if [[ ! $HOSTNAME == *-0 && $OVSDB_HOST =~ (.+)-([0-9]+)\. ]]; then
-- OVSDB_BOOTSTRAP_HOST="${BASH_REMATCH[1]}-0.${OVSDB_HOST#*.}"
--
-- ARGS+=(
-- --db-${OVS_DATABASE}-cluster-remote-proto=tcp
-- --db-${OVS_DATABASE}-cluster-remote-addr=${OVSDB_BOOTSTRAP_HOST}
-- )
--fi
--
--function start () {
-- /usr/share/ovn/scripts/ovn-ctl start_${OVS_DATABASE}_ovsdb ${ARGS[@]}
--
-- tail --follow=name /var/log/ovn/ovsdb-server-${OVS_DATABASE}.log
--}
--
--function stop () {
-- /usr/share/ovn/scripts/ovn-ctl stop_${OVS_DATABASE}_ovsdb
-- pkill tail
--}
--
--function liveness () {
-- if [[ $OVS_DATABASE == "nb" ]]; then
-- OVN_DATABASE="Northbound"
-- elif [[ $OVS_DATABASE == "sb" ]]; then
-- OVN_DATABASE="Southbound"
-- else
-- echo "OVS_DATABASE must be nb or sb"
-- exit 1
-- fi
--
-- ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
--}
--
--function readiness () {
-- if [[ $OVS_DATABASE == "nb" ]]; then
-- OVN_DATABASE="Northbound"
-- elif [[ $OVS_DATABASE == "sb" ]]; then
-- OVN_DATABASE="Southbound"
-- else
-- echo "OVS_DATABASE must be nb or sb"
-- exit 1
-- fi
--
-- ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
--}
--
--$COMMAND
diff --git a/charts/patches/ovn/0001-update-annotation-key.patch b/charts/patches/ovn/0001-update-annotation-key.patch
new file mode 100644
index 0000000..541fecf
--- /dev/null
+++ b/charts/patches/ovn/0001-update-annotation-key.patch
@@ -0,0 +1,35 @@
+From c4a752118fe027f1839da42842c9e23ea125daf7 Mon Sep 17 00:00:00 2001
+From: ricolin <rlin@vexxhost.com>
+Date: Wed, 13 Nov 2024 17:01:30 +0800
+Subject: [PATCH] update annotation key
+
+Change-Id: Icc34433a9ce4614460be02b4671d9b7c8767eeed
+---
+ ovn/templates/bin/_ovn-controller-init.sh.tpl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+index 357c069d..1d303c8d 100644
+--- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
++++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+@@ -14,7 +14,7 @@
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+-ANNOTATION_KEY="openstack-helm-infra/ovn-system-id"
++ANNOTATION_KEY="atmosphere.cloud/ovn-system-id"
+
+ function get_ip_address_from_interface {
+ local interface=$1
+@@ -82,7 +82,7 @@ function get_current_system_id {
+ }
+
+ function get_stored_system_id {
+- kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.openstack-helm-infra/ovn-system-id}"
++ kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.atmosphere\.cloud/ovn-system-id}"
+ }
+
+ function store_system_id() {
+--
+2.25.1
+
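Review bot: The annotation key is now spelled out twice in `_ovn-controller-init.sh.tpl`, once in `ANNOTATION_KEY` and once as a literal in the jsonpath of `get_stored_system_id`, where the dot also has to be escaped. A later rename that touches only one of them would leave the lookup reading a different annotation from the one the rest of the script uses. Deriving the query from the variable keeps them in step, e.g. `kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.${ANNOTATION_KEY//./\\.}}"`, assuming the script runs under bash as the `function` syntax suggests. It is also worth confirming what the script does on a node that carries only the `openstack-helm-infra/ovn-system-id` annotation, because if an empty lookup causes a fresh system-id to be generated, the chassis would re-register under a new identity. That logic, and the body of `store_system_id`, lie outside the hunks shown.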
diff --git a/charts/patches/ovn/0002-add-logging-parser.patch b/charts/patches/ovn/0002-add-logging-parser.patch
deleted file mode 100644
index 376a924..0000000
--- a/charts/patches/ovn/0002-add-logging-parser.patch
+++ /dev/null
@@ -1,316 +0,0 @@
-diff --git a/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl b/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl
-new file mode 100644
-index 00000000..06eaaa7f
---- /dev/null
-+++ b/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl
-@@ -0,0 +1,28 @@
-+#!/bin/bash
-+
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+ http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+set -ex
-+COMMAND="${@:-start}"
-+
-+function start () {
-+ exec uwsgi --ini /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
-+}
-+
-+function stop () {
-+ kill -TERM 1
-+}
-+
-+$COMMAND
-diff --git a/ovn/templates/configmap-bin.yaml b/ovn/templates/configmap-bin.yaml
-index 82001f99..77547470 100644
---- a/ovn/templates/configmap-bin.yaml
-+++ b/ovn/templates/configmap-bin.yaml
-@@ -26,4 +26,6 @@ data:
- {{- end }}
- ovn-controller-init.sh: |
- {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-+ ovn-network-logging-parser.sh: |
-+{{ tuple "bin/_ovn-network-logging-parser.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- {{- end }}
-diff --git a/ovn/templates/configmap-etc.yaml b/ovn/templates/configmap-etc.yaml
-index 47b84be8..0d221f19 100644
---- a/ovn/templates/configmap-etc.yaml
-+++ b/ovn/templates/configmap-etc.yaml
-@@ -17,6 +17,12 @@ limitations under the License.
- {{- $envAll := index . 1 }}
- {{- with $envAll }}
-
-+{{- if empty (index .Values.conf.ovn_network_logging_parser_uwsgi.uwsgi "http-socket") -}}
-+{{- $http_socket_port := tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
-+{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
-+{{- $_ := set .Values.conf.ovn_network_logging_parser_uwsgi.uwsgi "http-socket" $http_socket -}}
-+{{- end -}}
-+
- ---
- apiVersion: v1
- kind: Secret
-@@ -25,7 +31,7 @@ metadata:
- type: Opaque
- data:
- auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }}
--
-+ neutron-ovn-network-logging-parser-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ovn_network_logging_parser_uwsgi | b64enc }}
- {{- end }}
- {{- end }}
-
-diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
-index 6c240213..82b70f78 100644
---- a/ovn/templates/daemonset-controller.yaml
-+++ b/ovn/templates/daemonset-controller.yaml
-@@ -156,6 +156,52 @@ spec:
- mountPath: /var/log/ovn
- - name: run-openvswitch
- mountPath: /run/ovn
-+ {{- if .Values.pod.sidecars.vector }}
-+ - name: vector
-+{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
-+{{ tuple $envAll $envAll.Values.pod.resources.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-+ command:
-+ - vector
-+ - --config
-+ - /etc/vector/vector.toml
-+ volumeMounts:
-+ - name: vector-config
-+ mountPath: /etc/vector
-+ - name: logs
-+ mountPath: /logs
-+ - name: vector-data
-+ mountPath: /var/lib/vector
-+ {{- end }}
-+ {{- if .Values.pod.sidecars.ovn_logging_parser }}
-+ - name: log-parser
-+{{ tuple $envAll "ovn_logging_parser" | include "helm-toolkit.snippets.image" | indent 10 }}
-+{{ tuple $envAll $envAll.Values.pod.resources.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-+ command:
-+ - /tmp/ovn-network-logging-parser.sh
-+ - start
-+ env:
-+ - name: VECTOR_HTTP_ENDPOINT
-+ value: http://localhost:5001
-+ ports:
-+ - name: http
-+ containerPort: {{ tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-+ protocol: TCP
-+ volumeMounts:
-+ - name: neutron-etc
-+ mountPath: /etc/neutron/neutron.conf
-+ subPath: neutron.conf
-+ readOnly: true
-+ - name: ovn-bin
-+ mountPath: /tmp/ovn-network-logging-parser.sh
-+ subPath: ovn-network-logging-parser.sh
-+ readOnly: true
-+ - name: ovn-etc
-+ mountPath: /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
-+ subPath: neutron-ovn-network-logging-parser-uwsgi.ini
-+ readOnly: true
-+ {{- end }}
- volumes:
- - name: ovn-bin
- configMap:
-@@ -179,4 +225,17 @@ spec:
- type: DirectoryOrCreate
- - name: gw-enabled
- emptyDir: {}
-+ {{- if .Values.pod.sidecars.vector }}
-+ - name: vector-config
-+ secret:
-+ secretName: ovn-vector-config
-+ - name: vector-data
-+ emptyDir: {}
-+ {{- end }}
-+ {{- if .Values.pod.sidecars.ovn_logging_parser }}
-+ - name: neutron-etc
-+ secret:
-+ secretName: neutron-etc
-+ defaultMode: 0444
-+ {{- end }}
- {{- end }}
-diff --git a/ovn/templates/secret-vector.yaml b/ovn/templates/secret-vector.yaml
-new file mode 100644
-index 00000000..989f3afa
---- /dev/null
-+++ b/ovn/templates/secret-vector.yaml
-@@ -0,0 +1,26 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+ http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.pod.sidecars.vector }}
-+{{- $envAll := . }}
-+
-+---
-+apiVersion: v1
-+kind: Secret
-+metadata:
-+ name: ovn-vector-config
-+type: Opaque
-+data:
-+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.vector "key" "vector.toml" "format" "Secret" ) | indent 2 }}
-+{{- end }}
-diff --git a/ovn/values.yaml b/ovn/values.yaml
-index 8459e33a..3ffdecec 100644
---- a/ovn/values.yaml
-+++ b/ovn/values.yaml
-@@ -27,6 +27,8 @@ images:
- ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
- dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
- image_repo_sync: docker.io/library/docker:17.07.0
-+ vector: docker.io/timberio/vector:0.39.0-debian
-+ ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
- pull_policy: "IfNotPresent"
- local_registry:
- active: false
-@@ -83,6 +85,56 @@ conf:
- # br-public: eth1
- auto_bridge_add: {}
-
-+ ovn_network_logging_parser_uwsgi:
-+ uwsgi:
-+ add-header: "Connection: close"
-+ buffer-size: 65535
-+ die-on-term: true
-+ enable-threads: true
-+ exit-on-reload: false
-+ hook-master-start: unix_signal:15 gracefully_kill_them_all
-+ lazy-apps: true
-+ log-x-forwarded-for: true
-+ master: true
-+ processes: 1
-+ procname-prefix-spaced: "neutron-ovn-network-logging-parser:"
-+ route-user-agent: '^kube-probe.* donotlog:'
-+ thunder-lock: true
-+ worker-reload-mercy: 80
-+ wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
-+ vector: |
-+ [sources.file_logs]
-+ type = "file"
-+ include = [ "/logs/ovn-controller.log" ]
-+
-+ [sinks.ovn_log_parser_in]
-+ type = "http"
-+ inputs = ["file_logs"]
-+ uri = "{{ tuple "ovn_logging_parser" "default" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}"
-+ encoding.codec = "json"
-+ method = "post"
-+
-+ [sources.ovn_log_parser_out]
-+ type = "http_server"
-+ address = "0.0.0.0:5001"
-+ encoding = "json"
-+
-+ [transforms.parse_log_message]
-+ type = "remap"
-+ inputs = ["ovn_log_parser_out"]
-+ source = '''
-+ del(.source_type)
-+ del(.path)
-+ '''
-+
-+ [sinks.loki_sink]
-+ type = "loki"
-+ labels.event_source = "network_logs"
-+ inputs = ["parse_log_message"]
-+ endpoint = "http://loki.monitoring:3100"
-+ encoding.codec = "json"
-+ tenant_id = "{{`{{ project_id }}`}}"
-+
- pod:
- # NOTE: should be same as nova.pod.use_fqdn.compute
- use_fqdn:
-@@ -102,6 +154,12 @@ pod:
- controller:
- readOnlyRootFilesystem: true
- privileged: true
-+ ovn_logging_parser:
-+ allowPrivilegeEscalation: false
-+ readOnlyRootFilesystem: true
-+ vector:
-+ allowPrivilegeEscalation: false
-+ readOnlyRootFilesystem: true
- tolerations:
- ovn_ovsdb_nb:
- enabled: false
-@@ -217,6 +275,20 @@ pod:
- limits:
- memory: "1024Mi"
- cpu: "2000m"
-+ ovn_logging_parser:
-+ requests:
-+ memory: "128Mi"
-+ cpu: "100m"
-+ limits:
-+ memory: "256Mi"
-+ cpu: "500m"
-+ vector:
-+ requests:
-+ memory: "128Mi"
-+ cpu: "100m"
-+ limits:
-+ memory: "256Mi"
-+ cpu: "500m"
- jobs:
- image_repo_sync:
- requests:
-@@ -226,6 +298,10 @@ pod:
- memory: "1024Mi"
- cpu: "2000m"
-
-+ sidecars:
-+ ovn_logging_parser: false
-+ vector: false
-+
- secrets:
- oci_image_registry:
- ovn: ovn-oci-image-registry-key
-@@ -284,6 +360,22 @@ endpoints:
- default: 6642
- raft:
- default: 6644
-+ ovn_logging_parser:
-+ name: ovn-logging-parser
-+ namespace: null
-+ hosts:
-+ default: localhost
-+ host_fqdn_override:
-+ default: localhost
-+ scheme:
-+ default: 'http'
-+ service: 'http'
-+ path:
-+ default: "/logs"
-+ port:
-+ api:
-+ default: 9697
-+ service: 9697
-
- network_policy:
- ovn_ovsdb_nb: