fix: sync ovn chart upstream patch (#2021)

this error has been revealed by #1983 Good to have this go unit test in CI soon
Moved to local patch https://review.opendev.org/c/openstack/openstack-helm-infra/+/893739/10
diff --git a/.charts.yml b/.charts.yml
index 65475cb..bdb8155 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -175,10 +175,6 @@
     version: 0.1.13
     repository: *openstack_helm_infra_repository
     dependencies: *openstack_helm_dependencies
-    patches:
-      gerrit:
-        review.opendev.org:
-          - 893739
   - name: placement
     version: 0.3.9
     repository: *openstack_helm_repository
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
index 4acd11b..fa71635 100644
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ b/charts/ovn/templates/daemonset-controller-gw.yaml
@@ -109,8 +109,8 @@
               mountPath: /var/run/ovn
             - name: run-openvswitch
               mountPath: /var/run/openvswitch
-            - name: shared
-              mountPath: /var/log/ovn/
+            - name: logs
+              mountPath: /var/log/ovn
         {{- if .Values.pod.sidecars.vector }}
         - name: vector
 {{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -123,7 +123,7 @@
           volumeMounts:
             - name: vector-config
               mountPath: /etc/vector
-            - name: shared
+            - name: logs
               mountPath: /logs
             - name: vector-data
               mountPath: /var/lib/vector
@@ -170,8 +170,10 @@
           secret:
             secretName: {{ $configMapName }}
             defaultMode: 0444
-        - name: shared
-          emptyDir: {}
+        - name: logs
+          hostPath:
+            path: /var/log/ovn
+            type: DirectoryOrCreate
         {{- if .Values.pod.sidecars.vector }}
         - name: vector-config
           secret:
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index d208b08..a1245d5 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -62,7 +62,6 @@
         - name: controller-init
 {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - /tmp/ovn-controller-init.sh
           env:
diff --git a/charts/patches/ovn/0000-upstream-893739.patch b/charts/patches/ovn/0000-upstream-893739.patch
new file mode 100644
index 0000000..248da7e
--- /dev/null
+++ b/charts/patches/ovn/0000-upstream-893739.patch
@@ -0,0 +1,398 @@
+From d44a05f9adf485697ba0aa9189ec72495ac62e69 Mon Sep 17 00:00:00 2001
+From: root <okozachenko1203@gmail.com>
+Date: Wed, 06 Sep 2023 00:10:39 +1000
+Subject: [PATCH] Distinguish ovn controller and gateway
+
+Change-Id: If98d28b540c59c2632a6eda259c04c3cef128af3
+---
+
+diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+index 55cc2ec..e64413e 100644
+--- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
++++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+@@ -117,13 +117,7 @@
+ ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type }}"
+ ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
+ ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
+-
+-GW_ENABLED=$(cat /tmp/gw-enabled/gw-enabled)
+-if [[ ${GW_ENABLED} == enabled ]]; then
+-  ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options_gw_enabled }}
+-else
+-  ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
+-fi
++ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
+ 
+ # Configure hostname
+ {{- if .Values.pod.use_fqdn.compute }}
+diff --git a/ovn/templates/daemonset-controller-gw.yaml b/ovn/templates/daemonset-controller-gw.yaml
+new file mode 100644
+index 0000000..383451f
+--- /dev/null
++++ b/ovn/templates/daemonset-controller-gw.yaml
+@@ -0,0 +1,116 @@
++{{/*
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++   http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/}}
++
++{{- if .Values.manifests.daemonset_ovn_controller_gw }}
++{{- $envAll := . }}
++
++{{- $configMapName := "ovn-etc" }}
++{{- $serviceAccountName := "ovn-controller-gw" }}
++{{ tuple $envAll "ovn_controller_gw" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
++---
++kind: DaemonSet
++apiVersion: apps/v1
++metadata:
++  name: ovn-controller-gw
++  annotations:
++    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
++    configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
++  labels:
++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
++spec:
++  selector:
++    matchLabels:
++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
++  template:
++    metadata:
++      labels:
++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
++      annotations:
++{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
++        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
++        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
++    spec:
++      serviceAccountName: {{ $serviceAccountName }}
++      hostNetwork: true
++      dnsPolicy: {{ .Values.pod.dns_policy }}
++      nodeSelector:
++        {{ .Values.labels.ovn_controller_gw.node_selector_key }}: {{ .Values.labels.ovn_controller_gw.node_selector_value }}
++      initContainers:
++{{- tuple $envAll "ovn_controller_gw" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
++        - name: controller-init
++{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
++{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++          command:
++            - /tmp/ovn-controller-init.sh
++          env:
++            - name: OVN_CMS_OPTIONS
++              value: {{ .Values.conf.ovn_cms_options_gw_enabled | quote }}
++          volumeMounts:
++            - name: ovn-bin
++              mountPath: /tmp/ovn-controller-init.sh
++              subPath: ovn-controller-init.sh
++              readOnly: true
++            - name: run-openvswitch
++              mountPath: /run/openvswitch
++            - name: ovn-etc
++              mountPath: /tmp/auto_bridge_add
++              subPath: auto_bridge_add
++              readOnly: true
++      containers:
++        - name: controller
++{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
++{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++          command:
++            - /tmp/ovn-controller.sh
++            - start
++          lifecycle:
++            preStop:
++              exec:
++                command:
++                  - /tmp/ovn-controller.sh
++                  - stop
++          volumeMounts:
++            - name: ovn-bin
++              mountPath: /tmp/ovn-controller.sh
++              subPath: ovn-controller.sh
++              readOnly: true
++            - name: run-openvswitch
++              mountPath: /run/openvswitch
++            - name: logs
++              mountPath: /var/log/ovn
++            - name: run-ovn
++              mountPath: /run/ovn
++      volumes:
++        - name: ovn-bin
++          configMap:
++            name: ovn-bin
++            defaultMode: 0777
++        - name: run-openvswitch
++          hostPath:
++            path: /run/openvswitch
++            type: DirectoryOrCreate
++        - name: ovn-etc
++          secret:
++            secretName: {{ $configMapName }}
++            defaultMode: 0444
++        - name: logs
++          hostPath:
++            path: /var/log/ovn
++            type: DirectoryOrCreate
++        - name: run-ovn
++          hostPath:
++            path: /run/ovn
++            type: DirectoryOrCreate
++{{- end }}
+diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
+index f27903f..ada19c9 100644
+--- a/ovn/templates/daemonset-controller.yaml
++++ b/ovn/templates/daemonset-controller.yaml
+@@ -12,38 +12,12 @@
+ limitations under the License.
+ */}}
+ 
+-{{- if .Values.manifests.daemonset_controller }}
++{{- if .Values.manifests.daemonset_ovn_controller }}
+ {{- $envAll := . }}
+ 
+ {{- $configMapName := "ovn-etc" }}
+ {{- $serviceAccountName := "ovn-controller" }}
+-{{- $serviceAccountNamespace := $envAll.Release.Namespace }}
+ {{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+-
+----
+-apiVersion: rbac.authorization.k8s.io/v1
+-kind: ClusterRole
+-metadata:
+-  name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
+-rules:
+-- apiGroups: [""]
+-  resources: ["nodes"]
+-  verbs: ["list", "get"]
+-
+----
+-apiVersion: rbac.authorization.k8s.io/v1
+-kind: ClusterRoleBinding
+-metadata:
+-  name: ovn-controller-list-nodes-rolebinding-{{ $serviceAccountNamespace }}
+-subjects:
+-- kind: ServiceAccount
+-  name: {{ $serviceAccountName }}
+-  namespace: {{ $serviceAccountNamespace }}
+-roleRef:
+-  kind: ClusterRole
+-  name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
+-  apiGroup: rbac.authorization.k8s.io
+-
+ ---
+ kind: DaemonSet
+ apiVersion: apps/v1
+@@ -53,15 +27,15 @@
+     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+     configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+   labels:
+-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ spec:
+   selector:
+     matchLabels:
+-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+   template:
+     metadata:
+       labels:
+-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+       annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+@@ -71,32 +45,19 @@
+       hostNetwork: true
+       hostPID: true
+       hostIPC: true
+-      dnsPolicy: ClusterFirstWithHostNet
++      dnsPolicy: {{ .Values.pod.dns_policy }}
+       nodeSelector:
+         {{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
+       initContainers:
+ {{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+-        - name: get-gw-enabled
+-{{ tuple $envAll "ovn_controller_kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
+-          command:
+-            - /bin/bash
+-            - -c
+-            - |
+-              kubectl get node ${NODENAME} -o jsonpath='{.metadata.labels.l3-agent}' > /tmp/gw-enabled/gw-enabled
+-          env:
+-            - name: NODENAME
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: spec.nodeName
+-          volumeMounts:
+-            - name: gw-enabled
+-              mountPath: /tmp/gw-enabled
+-              readOnly: false
+         - name: controller-init
+ {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+           command:
+             - /tmp/ovn-controller-init.sh
++          env:
++            - name: OVN_CMS_OPTIONS
++              value: {{ .Values.conf.ovn_cms_options | quote }}
+           volumeMounts:
+             - name: ovn-bin
+               mountPath: /tmp/ovn-controller-init.sh
+@@ -108,9 +69,6 @@
+               mountPath: /tmp/auto_bridge_add
+               subPath: auto_bridge_add
+               readOnly: true
+-            - name: gw-enabled
+-              mountPath: /tmp/gw-enabled
+-              readOnly: true
+       containers:
+         - name: controller
+ {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+@@ -157,6 +115,4 @@
+           hostPath:
+             path: /run/ovn
+             type: DirectoryOrCreate
+-        - name: gw-enabled
+-          emptyDir: {}
+ {{- end }}
+diff --git a/ovn/templates/statefulset-ovsdb-nb.yaml b/ovn/templates/statefulset-ovsdb-nb.yaml
+index 95a33b1..0495816 100644
+--- a/ovn/templates/statefulset-ovsdb-nb.yaml
++++ b/ovn/templates/statefulset-ovsdb-nb.yaml
+@@ -58,7 +58,7 @@
+             - name: OVS_DATABASE
+               value: nb
+             - name: OVS_PORT
+-              value: "{{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
++              value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+           command:
+             - /tmp/ovsdb-server.sh
+             - start
+diff --git a/ovn/templates/statefulset-ovsdb-sb.yaml b/ovn/templates/statefulset-ovsdb-sb.yaml
+index d300d3f..9e7b667 100644
+--- a/ovn/templates/statefulset-ovsdb-sb.yaml
++++ b/ovn/templates/statefulset-ovsdb-sb.yaml
+@@ -58,7 +58,7 @@
+             - name: OVS_DATABASE
+               value: sb
+             - name: OVS_PORT
+-              value: "{{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
++              value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+           command:
+             - /tmp/ovsdb-server.sh
+             - start
+diff --git a/ovn/values.yaml b/ovn/values.yaml
+index 8c3dc5a..7d342ad 100644
+--- a/ovn/values.yaml
++++ b/ovn/values.yaml
+@@ -24,7 +24,6 @@
+     ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal
+     ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal
+     ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal
+-    ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
+     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
+     image_repo_sync: docker.io/library/docker:17.07.0
+   pull_policy: "IfNotPresent"
+@@ -47,6 +46,9 @@
+   ovn_controller:
+     node_selector_key: openvswitch
+     node_selector_value: enabled
++  ovn_controller_gw:
++    node_selector_key: openstack-control-plane
++    node_selector_value: enabled
+ 
+ volume:
+   ovn_ovsdb_nb:
+@@ -99,6 +101,14 @@
+         controller:
+           readOnlyRootFilesystem: true
+           privileged: true
++    ovn_controller_gw:
++      container:
++        controller_init:
++          readOnlyRootFilesystem: true
++          privileged: true
++        controller:
++          readOnlyRootFilesystem: true
++          privileged: true
+   tolerations:
+     ovn_ovsdb_nb:
+       enabled: false
+@@ -108,6 +118,8 @@
+       enabled: false
+     ovn_controller:
+       enabled: false
++    ovn_controller_gw:
++      enabled: false
+   affinity:
+     anti:
+       type:
+@@ -155,6 +167,10 @@
+           enabled: true
+           min_ready_seconds: 0
+           max_unavailable: 1
++        ovn_controller_gw:
++          enabled: true
++          min_ready_seconds: 0
++          max_unavailable: 1
+   resources:
+     enabled: false
+     ovs:
+@@ -186,6 +202,13 @@
+         limits:
+           memory: "1024Mi"
+           cpu: "2000m"
++      ovn_controller_gw:
++        requests:
++          memory: "128Mi"
++          cpu: "100m"
++        limits:
++          memory: "1024Mi"
++          cpu: "2000m"
+     jobs:
+       image_repo_sync:
+         requests:
+@@ -273,6 +296,9 @@
+   ovn_controller:
+     ingress:
+       - {}
++  ovn_controller_gw:
++    ingress:
++      - {}
+     egress:
+       - {}
+ 
+@@ -298,6 +324,10 @@
+       services:
+         - endpoint: internal
+           service: ovn-ovsdb-sb
++    ovn_controller_gw:
++      services:
++        - endpoint: internal
++          service: ovn-ovsdb-sb
+       pod:
+         - requireSameNode: true
+           labels:
+@@ -312,12 +342,12 @@
+   configmap_bin: true
+   configmap_etc: true
+   deployment_northd: true
+-  daemonset_controller: true
+   service_ovn_ovsdb_nb: true
+   service_ovn_ovsdb_sb: true
+   statefulset_ovn_ovsdb_nb: true
+   statefulset_ovn_ovsdb_sb: true
+   deployment_ovn_northd: true
+   daemonset_ovn_controller: true
++  daemonset_ovn_controller_gw: true
+   job_image_repo_sync: true
+ ...
diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
index 51a4bad..149542c 100644
--- a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
+++ b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
@@ -161,7 +161,7 @@
            volumeMounts:
              - name: ovn-bin
                mountPath: /tmp/ovn-controller-init.sh
-@@ -69,25 +83,33 @@ spec:
+@@ -69,29 +82,35 @@ spec:
                readOnly: true
        containers:
          - name: controller
@@ -206,9 +206,22 @@
 +              mountPath: /var/run/ovn
 +            - name: run-openvswitch
 +              mountPath: /var/run/openvswitch
+             - name: logs
+               mountPath: /var/log/ovn
+-            - name: run-ovn
+-              mountPath: /run/ovn
        volumes:
          - name: ovn-bin
            configMap:
+@@ -109,8 +128,4 @@ spec:
+           hostPath:
+             path: /var/log/ovn
+             type: DirectoryOrCreate
+-        - name: run-ovn
+-          hostPath:
+-            path: /run/ovn
+-            type: DirectoryOrCreate
+ {{- end }}
 diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
 index 4cd5d9b2..fae94512 100644
 --- a/ovn/templates/daemonset-controller.yaml
diff --git a/charts/patches/ovn/0002-add-logging-parser.patch b/charts/patches/ovn/0002-add-logging-parser.patch
index 9133d00..8394063 100644
--- a/charts/patches/ovn/0002-add-logging-parser.patch
+++ b/charts/patches/ovn/0002-add-logging-parser.patch
@@ -73,12 +73,10 @@
 index eb309c5e..3ecd81dc 100644
 --- a/ovn/templates/daemonset-controller-gw.yaml
 +++ b/ovn/templates/daemonset-controller-gw.yaml
-@@ -112,6 +112,54 @@ spec:
-               mountPath: /var/run/ovn
-             - name: run-openvswitch
+@@ -111,6 +111,52 @@ spec:
                mountPath: /var/run/openvswitch
-+            - name: shared
-+              mountPath: /var/log/ovn/
+             - name: logs
+               mountPath: /var/log/ovn
 +        {{- if .Values.pod.sidecars.vector }}
 +        - name: vector
 +{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -91,7 +89,7 @@
 +          volumeMounts:
 +            - name: vector-config
 +              mountPath: /etc/vector
-+            - name: shared
++            - name: logs
 +              mountPath: /logs
 +            - name: vector-data
 +              mountPath: /var/lib/vector
@@ -128,12 +126,10 @@
        volumes:
          - name: ovn-bin
            configMap:
-@@ -125,4 +173,19 @@ spec:
-           secret:
-             secretName: {{ $configMapName }}
-             defaultMode: 0444
-+        - name: shared
-+          emptyDir: {}
+@@ -128,4 +174,17 @@ spec:
+           hostPath:
+             path: /var/log/ovn
+             type: DirectoryOrCreate
 +        {{- if .Values.pod.sidecars.vector }}
 +        - name: vector-config
 +          secret: