fix: sync ovn chart upstream patch (#2021)
this error has been revealed by #1983 Good to have this go unit test in CI soon
Moved to local patch https://review.opendev.org/c/openstack/openstack-helm-infra/+/893739/10
diff --git a/.charts.yml b/.charts.yml
index 65475cb..bdb8155 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -175,10 +175,6 @@
version: 0.1.13
repository: *openstack_helm_infra_repository
dependencies: *openstack_helm_dependencies
- patches:
- gerrit:
- review.opendev.org:
- - 893739
- name: placement
version: 0.3.9
repository: *openstack_helm_repository
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
index 4acd11b..fa71635 100644
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ b/charts/ovn/templates/daemonset-controller-gw.yaml
@@ -109,8 +109,8 @@
mountPath: /var/run/ovn
- name: run-openvswitch
mountPath: /var/run/openvswitch
- - name: shared
- mountPath: /var/log/ovn/
+ - name: logs
+ mountPath: /var/log/ovn
{{- if .Values.pod.sidecars.vector }}
- name: vector
{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -123,7 +123,7 @@
volumeMounts:
- name: vector-config
mountPath: /etc/vector
- - name: shared
+ - name: logs
mountPath: /logs
- name: vector-data
mountPath: /var/lib/vector
@@ -170,8 +170,10 @@
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
- - name: shared
- emptyDir: {}
+ - name: logs
+ hostPath:
+ path: /var/log/ovn
+ type: DirectoryOrCreate
{{- if .Values.pod.sidecars.vector }}
- name: vector-config
secret:
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index d208b08..a1245d5 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -62,7 +62,6 @@
- name: controller-init
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/ovn-controller-init.sh
env:
diff --git a/charts/patches/ovn/0000-upstream-893739.patch b/charts/patches/ovn/0000-upstream-893739.patch
new file mode 100644
index 0000000..248da7e
--- /dev/null
+++ b/charts/patches/ovn/0000-upstream-893739.patch
@@ -0,0 +1,398 @@
+From d44a05f9adf485697ba0aa9189ec72495ac62e69 Mon Sep 17 00:00:00 2001
+From: root <okozachenko1203@gmail.com>
+Date: Wed, 06 Sep 2023 00:10:39 +1000
+Subject: [PATCH] Distinguish ovn controller and gateway
+
+Change-Id: If98d28b540c59c2632a6eda259c04c3cef128af3
+---
+
+diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+index 55cc2ec..e64413e 100644
+--- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
++++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+@@ -117,13 +117,7 @@
+ ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type }}"
+ ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
+ ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
+-
+-GW_ENABLED=$(cat /tmp/gw-enabled/gw-enabled)
+-if [[ ${GW_ENABLED} == enabled ]]; then
+- ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options_gw_enabled }}
+-else
+- ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
+-fi
++ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
+
+ # Configure hostname
+ {{- if .Values.pod.use_fqdn.compute }}
+diff --git a/ovn/templates/daemonset-controller-gw.yaml b/ovn/templates/daemonset-controller-gw.yaml
+new file mode 100644
+index 0000000..383451f
+--- /dev/null
++++ b/ovn/templates/daemonset-controller-gw.yaml
+@@ -0,0 +1,116 @@
++{{/*
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++ http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/}}
++
++{{- if .Values.manifests.daemonset_ovn_controller_gw }}
++{{- $envAll := . }}
++
++{{- $configMapName := "ovn-etc" }}
++{{- $serviceAccountName := "ovn-controller-gw" }}
++{{ tuple $envAll "ovn_controller_gw" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
++---
++kind: DaemonSet
++apiVersion: apps/v1
++metadata:
++ name: ovn-controller-gw
++ annotations:
++ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
++ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
++ labels:
++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
++spec:
++ selector:
++ matchLabels:
++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
++ template:
++ metadata:
++ labels:
++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
++ annotations:
++{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
++ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
++ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
++ spec:
++ serviceAccountName: {{ $serviceAccountName }}
++ hostNetwork: true
++ dnsPolicy: {{ .Values.pod.dns_policy }}
++ nodeSelector:
++ {{ .Values.labels.ovn_controller_gw.node_selector_key }}: {{ .Values.labels.ovn_controller_gw.node_selector_value }}
++ initContainers:
++{{- tuple $envAll "ovn_controller_gw" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
++ - name: controller-init
++{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
++{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++ command:
++ - /tmp/ovn-controller-init.sh
++ env:
++ - name: OVN_CMS_OPTIONS
++ value: {{ .Values.conf.ovn_cms_options_gw_enabled | quote }}
++ volumeMounts:
++ - name: ovn-bin
++ mountPath: /tmp/ovn-controller-init.sh
++ subPath: ovn-controller-init.sh
++ readOnly: true
++ - name: run-openvswitch
++ mountPath: /run/openvswitch
++ - name: ovn-etc
++ mountPath: /tmp/auto_bridge_add
++ subPath: auto_bridge_add
++ readOnly: true
++ containers:
++ - name: controller
++{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
++{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++ command:
++ - /tmp/ovn-controller.sh
++ - start
++ lifecycle:
++ preStop:
++ exec:
++ command:
++ - /tmp/ovn-controller.sh
++ - stop
++ volumeMounts:
++ - name: ovn-bin
++ mountPath: /tmp/ovn-controller.sh
++ subPath: ovn-controller.sh
++ readOnly: true
++ - name: run-openvswitch
++ mountPath: /run/openvswitch
++ - name: logs
++ mountPath: /var/log/ovn
++ - name: run-ovn
++ mountPath: /run/ovn
++ volumes:
++ - name: ovn-bin
++ configMap:
++ name: ovn-bin
++ defaultMode: 0777
++ - name: run-openvswitch
++ hostPath:
++ path: /run/openvswitch
++ type: DirectoryOrCreate
++ - name: ovn-etc
++ secret:
++ secretName: {{ $configMapName }}
++ defaultMode: 0444
++ - name: logs
++ hostPath:
++ path: /var/log/ovn
++ type: DirectoryOrCreate
++ - name: run-ovn
++ hostPath:
++ path: /run/ovn
++ type: DirectoryOrCreate
++{{- end }}
+diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
+index f27903f..ada19c9 100644
+--- a/ovn/templates/daemonset-controller.yaml
++++ b/ovn/templates/daemonset-controller.yaml
+@@ -12,38 +12,12 @@
+ limitations under the License.
+ */}}
+
+-{{- if .Values.manifests.daemonset_controller }}
++{{- if .Values.manifests.daemonset_ovn_controller }}
+ {{- $envAll := . }}
+
+ {{- $configMapName := "ovn-etc" }}
+ {{- $serviceAccountName := "ovn-controller" }}
+-{{- $serviceAccountNamespace := $envAll.Release.Namespace }}
+ {{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+-
+----
+-apiVersion: rbac.authorization.k8s.io/v1
+-kind: ClusterRole
+-metadata:
+- name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
+-rules:
+-- apiGroups: [""]
+- resources: ["nodes"]
+- verbs: ["list", "get"]
+-
+----
+-apiVersion: rbac.authorization.k8s.io/v1
+-kind: ClusterRoleBinding
+-metadata:
+- name: ovn-controller-list-nodes-rolebinding-{{ $serviceAccountNamespace }}
+-subjects:
+-- kind: ServiceAccount
+- name: {{ $serviceAccountName }}
+- namespace: {{ $serviceAccountNamespace }}
+-roleRef:
+- kind: ClusterRole
+- name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
+- apiGroup: rbac.authorization.k8s.io
+-
+ ---
+ kind: DaemonSet
+ apiVersion: apps/v1
+@@ -53,15 +27,15 @@
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ labels:
+-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ spec:
+ selector:
+ matchLabels:
+-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+ template:
+ metadata:
+ labels:
+-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+@@ -71,32 +45,19 @@
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+- dnsPolicy: ClusterFirstWithHostNet
++ dnsPolicy: {{ .Values.pod.dns_policy }}
+ nodeSelector:
+ {{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
+ initContainers:
+ {{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+- - name: get-gw-enabled
+-{{ tuple $envAll "ovn_controller_kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
+- command:
+- - /bin/bash
+- - -c
+- - |
+- kubectl get node ${NODENAME} -o jsonpath='{.metadata.labels.l3-agent}' > /tmp/gw-enabled/gw-enabled
+- env:
+- - name: NODENAME
+- valueFrom:
+- fieldRef:
+- fieldPath: spec.nodeName
+- volumeMounts:
+- - name: gw-enabled
+- mountPath: /tmp/gw-enabled
+- readOnly: false
+ - name: controller-init
+ {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+ command:
+ - /tmp/ovn-controller-init.sh
++ env:
++ - name: OVN_CMS_OPTIONS
++ value: {{ .Values.conf.ovn_cms_options | quote }}
+ volumeMounts:
+ - name: ovn-bin
+ mountPath: /tmp/ovn-controller-init.sh
+@@ -108,9 +69,6 @@
+ mountPath: /tmp/auto_bridge_add
+ subPath: auto_bridge_add
+ readOnly: true
+- - name: gw-enabled
+- mountPath: /tmp/gw-enabled
+- readOnly: true
+ containers:
+ - name: controller
+ {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+@@ -157,6 +115,4 @@
+ hostPath:
+ path: /run/ovn
+ type: DirectoryOrCreate
+- - name: gw-enabled
+- emptyDir: {}
+ {{- end }}
+diff --git a/ovn/templates/statefulset-ovsdb-nb.yaml b/ovn/templates/statefulset-ovsdb-nb.yaml
+index 95a33b1..0495816 100644
+--- a/ovn/templates/statefulset-ovsdb-nb.yaml
++++ b/ovn/templates/statefulset-ovsdb-nb.yaml
+@@ -58,7 +58,7 @@
+ - name: OVS_DATABASE
+ value: nb
+ - name: OVS_PORT
+- value: "{{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
++ value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+ command:
+ - /tmp/ovsdb-server.sh
+ - start
+diff --git a/ovn/templates/statefulset-ovsdb-sb.yaml b/ovn/templates/statefulset-ovsdb-sb.yaml
+index d300d3f..9e7b667 100644
+--- a/ovn/templates/statefulset-ovsdb-sb.yaml
++++ b/ovn/templates/statefulset-ovsdb-sb.yaml
+@@ -58,7 +58,7 @@
+ - name: OVS_DATABASE
+ value: sb
+ - name: OVS_PORT
+- value: "{{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
++ value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+ command:
+ - /tmp/ovsdb-server.sh
+ - start
+diff --git a/ovn/values.yaml b/ovn/values.yaml
+index 8c3dc5a..7d342ad 100644
+--- a/ovn/values.yaml
++++ b/ovn/values.yaml
+@@ -24,7 +24,6 @@
+ ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal
+- ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
+ image_repo_sync: docker.io/library/docker:17.07.0
+ pull_policy: "IfNotPresent"
+@@ -47,6 +46,9 @@
+ ovn_controller:
+ node_selector_key: openvswitch
+ node_selector_value: enabled
++ ovn_controller_gw:
++ node_selector_key: openstack-control-plane
++ node_selector_value: enabled
+
+ volume:
+ ovn_ovsdb_nb:
+@@ -99,6 +101,14 @@
+ controller:
+ readOnlyRootFilesystem: true
+ privileged: true
++ ovn_controller_gw:
++ container:
++ controller_init:
++ readOnlyRootFilesystem: true
++ privileged: true
++ controller:
++ readOnlyRootFilesystem: true
++ privileged: true
+ tolerations:
+ ovn_ovsdb_nb:
+ enabled: false
+@@ -108,6 +118,8 @@
+ enabled: false
+ ovn_controller:
+ enabled: false
++ ovn_controller_gw:
++ enabled: false
+ affinity:
+ anti:
+ type:
+@@ -155,6 +167,10 @@
+ enabled: true
+ min_ready_seconds: 0
+ max_unavailable: 1
++ ovn_controller_gw:
++ enabled: true
++ min_ready_seconds: 0
++ max_unavailable: 1
+ resources:
+ enabled: false
+ ovs:
+@@ -186,6 +202,13 @@
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
++ ovn_controller_gw:
++ requests:
++ memory: "128Mi"
++ cpu: "100m"
++ limits:
++ memory: "1024Mi"
++ cpu: "2000m"
+ jobs:
+ image_repo_sync:
+ requests:
+@@ -273,6 +296,9 @@
+ ovn_controller:
+ ingress:
+ - {}
++ ovn_controller_gw:
++ ingress:
++ - {}
+ egress:
+ - {}
+
+@@ -298,6 +324,10 @@
+ services:
+ - endpoint: internal
+ service: ovn-ovsdb-sb
++ ovn_controller_gw:
++ services:
++ - endpoint: internal
++ service: ovn-ovsdb-sb
+ pod:
+ - requireSameNode: true
+ labels:
+@@ -312,12 +342,12 @@
+ configmap_bin: true
+ configmap_etc: true
+ deployment_northd: true
+- daemonset_controller: true
+ service_ovn_ovsdb_nb: true
+ service_ovn_ovsdb_sb: true
+ statefulset_ovn_ovsdb_nb: true
+ statefulset_ovn_ovsdb_sb: true
+ deployment_ovn_northd: true
+ daemonset_ovn_controller: true
++ daemonset_ovn_controller_gw: true
+ job_image_repo_sync: true
+ ...
diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
index 51a4bad..149542c 100644
--- a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
+++ b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
@@ -161,7 +161,7 @@
volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovn-controller-init.sh
-@@ -69,25 +83,33 @@ spec:
+@@ -69,29 +82,35 @@ spec:
readOnly: true
containers:
- name: controller
@@ -206,9 +206,22 @@
+ mountPath: /var/run/ovn
+ - name: run-openvswitch
+ mountPath: /var/run/openvswitch
+ - name: logs
+ mountPath: /var/log/ovn
+- - name: run-ovn
+- mountPath: /run/ovn
volumes:
- name: ovn-bin
configMap:
+@@ -109,8 +128,4 @@ spec:
+ hostPath:
+ path: /var/log/ovn
+ type: DirectoryOrCreate
+- - name: run-ovn
+- hostPath:
+- path: /run/ovn
+- type: DirectoryOrCreate
+ {{- end }}
diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
index 4cd5d9b2..fae94512 100644
--- a/ovn/templates/daemonset-controller.yaml
diff --git a/charts/patches/ovn/0002-add-logging-parser.patch b/charts/patches/ovn/0002-add-logging-parser.patch
index 9133d00..8394063 100644
--- a/charts/patches/ovn/0002-add-logging-parser.patch
+++ b/charts/patches/ovn/0002-add-logging-parser.patch
@@ -73,12 +73,10 @@
index eb309c5e..3ecd81dc 100644
--- a/ovn/templates/daemonset-controller-gw.yaml
+++ b/ovn/templates/daemonset-controller-gw.yaml
-@@ -112,6 +112,54 @@ spec:
- mountPath: /var/run/ovn
- - name: run-openvswitch
+@@ -111,6 +111,52 @@ spec:
mountPath: /var/run/openvswitch
-+ - name: shared
-+ mountPath: /var/log/ovn/
+ - name: logs
+ mountPath: /var/log/ovn
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector
+{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -91,7 +89,7 @@
+ volumeMounts:
+ - name: vector-config
+ mountPath: /etc/vector
-+ - name: shared
++ - name: logs
+ mountPath: /logs
+ - name: vector-data
+ mountPath: /var/lib/vector
@@ -128,12 +126,10 @@
volumes:
- name: ovn-bin
configMap:
-@@ -125,4 +173,19 @@ spec:
- secret:
- secretName: {{ $configMapName }}
- defaultMode: 0444
-+ - name: shared
-+ emptyDir: {}
+@@ -128,4 +174,17 @@ spec:
+ hostPath:
+ path: /var/log/ovn
+ type: DirectoryOrCreate
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector-config
+ secret: