diff --git a/charts/cinder/charts/helm-toolkit/requirements.lock b/charts/cinder/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/cinder/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/cinder/requirements.lock b/charts/cinder/requirements.lock
index 67c5213..e346dde 100644
--- a/charts/cinder/requirements.lock
+++ b/charts/cinder/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:14:58.592049716Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/cinder/requirements.yaml b/charts/cinder/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/cinder/requirements.yaml
+++ b/charts/cinder/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/designate/charts/helm-toolkit/requirements.lock b/charts/designate/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/designate/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/designate/requirements.lock b/charts/designate/requirements.lock
index b454b93..e346dde 100644
--- a/charts/designate/requirements.lock
+++ b/charts/designate/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:14:54.685042515Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/designate/requirements.yaml b/charts/designate/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/designate/requirements.yaml
+++ b/charts/designate/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/glance/charts/helm-toolkit/requirements.lock b/charts/glance/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/glance/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/glance/requirements.lock b/charts/glance/requirements.lock
index 1005916..e346dde 100644
--- a/charts/glance/requirements.lock
+++ b/charts/glance/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-09T15:11:39.317300744Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/glance/requirements.yaml b/charts/glance/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/glance/requirements.yaml
+++ b/charts/glance/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/cert-manager-webhook-godaddy/.helmignore b/charts/godaddy-webhook/.helmignore
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/.helmignore
rename to charts/godaddy-webhook/.helmignore
diff --git a/charts/cert-manager-webhook-godaddy/Chart.yaml b/charts/godaddy-webhook/Chart.yaml
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/Chart.yaml
rename to charts/godaddy-webhook/Chart.yaml
diff --git a/charts/cert-manager-webhook-godaddy/templates/NOTES.txt b/charts/godaddy-webhook/templates/NOTES.txt
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/templates/NOTES.txt
rename to charts/godaddy-webhook/templates/NOTES.txt
diff --git a/charts/cert-manager-webhook-godaddy/templates/_helpers.tpl b/charts/godaddy-webhook/templates/_helpers.tpl
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/templates/_helpers.tpl
rename to charts/godaddy-webhook/templates/_helpers.tpl
diff --git a/charts/cert-manager-webhook-godaddy/templates/apiservice.yaml b/charts/godaddy-webhook/templates/apiservice.yaml
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/templates/apiservice.yaml
rename to charts/godaddy-webhook/templates/apiservice.yaml
diff --git a/charts/cert-manager-webhook-godaddy/templates/deployment.yaml b/charts/godaddy-webhook/templates/deployment.yaml
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/templates/deployment.yaml
rename to charts/godaddy-webhook/templates/deployment.yaml
diff --git a/charts/cert-manager-webhook-godaddy/templates/pki.yaml b/charts/godaddy-webhook/templates/pki.yaml
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/templates/pki.yaml
rename to charts/godaddy-webhook/templates/pki.yaml
diff --git a/charts/cert-manager-webhook-godaddy/templates/rbac.yaml b/charts/godaddy-webhook/templates/rbac.yaml
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/templates/rbac.yaml
rename to charts/godaddy-webhook/templates/rbac.yaml
diff --git a/charts/cert-manager-webhook-godaddy/templates/service.yaml b/charts/godaddy-webhook/templates/service.yaml
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/templates/service.yaml
rename to charts/godaddy-webhook/templates/service.yaml
diff --git a/charts/cert-manager-webhook-godaddy/values.yaml b/charts/godaddy-webhook/values.yaml
similarity index 100%
rename from charts/cert-manager-webhook-godaddy/values.yaml
rename to charts/godaddy-webhook/values.yaml
diff --git a/charts/heat/charts/helm-toolkit/requirements.lock b/charts/heat/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/heat/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/heat/requirements.lock b/charts/heat/requirements.lock
index 4057c92..e346dde 100644
--- a/charts/heat/requirements.lock
+++ b/charts/heat/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-20T16:59:14.214540302Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/heat/requirements.yaml b/charts/heat/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/heat/requirements.yaml
+++ b/charts/heat/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/horizon/charts/helm-toolkit/requirements.lock b/charts/horizon/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/horizon/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/horizon/requirements.lock b/charts/horizon/requirements.lock
index d605ea5..e346dde 100644
--- a/charts/horizon/requirements.lock
+++ b/charts/horizon/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:15:05.83595607Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/horizon/requirements.yaml b/charts/horizon/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/horizon/requirements.yaml
+++ b/charts/horizon/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/keystone/charts/helm-toolkit/requirements.lock b/charts/keystone/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/keystone/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/keystone/requirements.lock b/charts/keystone/requirements.lock
index a2fbbec..e346dde 100644
--- a/charts/keystone/requirements.lock
+++ b/charts/keystone/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-15T23:04:58.660312058Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/keystone/requirements.yaml b/charts/keystone/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/keystone/requirements.yaml
+++ b/charts/keystone/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/libvirt/charts/helm-toolkit/requirements.lock b/charts/libvirt/charts/helm-toolkit/requirements.lock
index 474adbc..808bd94 100644
--- a/charts/libvirt/charts/helm-toolkit/requirements.lock
+++ b/charts/libvirt/charts/helm-toolkit/requirements.lock
@@ -1,3 +1,3 @@
 dependencies: []
 digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2023-11-29T02:39:33.120856137Z"
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/libvirt/requirements.lock b/charts/libvirt/requirements.lock
index 41e4298..5cfd353 100644
--- a/charts/libvirt/requirements.lock
+++ b/charts/libvirt/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.56
-digest: sha256:2341734ff37eda298acb943a81ff603ee8edd5cfcbe655dba5943b485b64f9e3
-generated: "2023-11-29T02:39:38.485927956Z"
+digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/libvirt/requirements.yaml b/charts/libvirt/requirements.yaml
index 84f0aff..2590759 100644
--- a/charts/libvirt/requirements.yaml
+++ b/charts/libvirt/requirements.yaml
@@ -1,18 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
 dependencies:
-  - name: helm-toolkit
-    repository: file://../helm-toolkit
-    version: ">= 0.1.0"
-...
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.56
diff --git a/charts/magnum/charts/helm-toolkit/requirements.lock b/charts/magnum/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/magnum/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/magnum/requirements.lock b/charts/magnum/requirements.lock
index f10f451..e346dde 100644
--- a/charts/magnum/requirements.lock
+++ b/charts/magnum/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:15:14.57130025Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/magnum/requirements.yaml b/charts/magnum/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/magnum/requirements.yaml
+++ b/charts/magnum/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/manila/charts/helm-toolkit/requirements.lock b/charts/manila/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/manila/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/manila/requirements.lock b/charts/manila/requirements.lock
index 8d56ee1..e346dde 100644
--- a/charts/manila/requirements.lock
+++ b/charts/manila/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:15:09.875210224Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/manila/requirements.yaml b/charts/manila/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/manila/requirements.yaml
+++ b/charts/manila/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/neutron/charts/helm-toolkit/requirements.lock b/charts/neutron/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/neutron/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/neutron/requirements.lock b/charts/neutron/requirements.lock
index 9cc2f76..e346dde 100644
--- a/charts/neutron/requirements.lock
+++ b/charts/neutron/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:14:55.619219382Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/neutron/requirements.yaml b/charts/neutron/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/neutron/requirements.yaml
+++ b/charts/neutron/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
index 431758d..5c2999c 100644
--- a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
+++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
@@ -100,8 +100,8 @@
           command:
             - /tmp/neutron-metadata-agent-init.sh
           volumeMounts:
-            - name: run
-              mountPath: /run
+            - name: run-openvswitch
+              mountPath: /run/openvswitch
             - name: pod-tmp
               mountPath: /tmp
             - name: neutron-bin
diff --git a/charts/nova/charts/helm-toolkit/requirements.lock b/charts/nova/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/nova/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock
index 5c187eb..e346dde 100644
--- a/charts/nova/requirements.lock
+++ b/charts/nova/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-03T00:16:38.441631616Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/nova/requirements.yaml b/charts/nova/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/nova/requirements.yaml
+++ b/charts/nova/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/octavia/charts/helm-toolkit/requirements.lock b/charts/octavia/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/octavia/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/octavia/requirements.lock b/charts/octavia/requirements.lock
index f24caac..e346dde 100644
--- a/charts/octavia/requirements.lock
+++ b/charts/octavia/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:15:15.673945271Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/octavia/requirements.yaml b/charts/octavia/requirements.yaml
index 512dcb4..6ab539f 100644
--- a/charts/octavia/requirements.yaml
+++ b/charts/octavia/requirements.yaml
@@ -1,18 +1,4 @@
-# Copyright 2019 Samsung Electronics Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/openvswitch/charts/helm-toolkit/requirements.lock b/charts/openvswitch/charts/helm-toolkit/requirements.lock
index 474adbc..808bd94 100644
--- a/charts/openvswitch/charts/helm-toolkit/requirements.lock
+++ b/charts/openvswitch/charts/helm-toolkit/requirements.lock
@@ -1,3 +1,3 @@
 dependencies: []
 digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2023-11-29T02:39:33.120856137Z"
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/openvswitch/requirements.lock b/charts/openvswitch/requirements.lock
index a9a0bd4..5cfd353 100644
--- a/charts/openvswitch/requirements.lock
+++ b/charts/openvswitch/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.56
-digest: sha256:2341734ff37eda298acb943a81ff603ee8edd5cfcbe655dba5943b485b64f9e3
-generated: "2023-11-29T02:39:43.736465441Z"
+digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/openvswitch/requirements.yaml b/charts/openvswitch/requirements.yaml
index 84f0aff..2590759 100644
--- a/charts/openvswitch/requirements.yaml
+++ b/charts/openvswitch/requirements.yaml
@@ -1,18 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
 dependencies:
-  - name: helm-toolkit
-    repository: file://../helm-toolkit
-    version: ">= 0.1.0"
-...
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.56
diff --git a/charts/ovn/charts/helm-toolkit/requirements.lock b/charts/ovn/charts/helm-toolkit/requirements.lock
index 474adbc..808bd94 100644
--- a/charts/ovn/charts/helm-toolkit/requirements.lock
+++ b/charts/ovn/charts/helm-toolkit/requirements.lock
@@ -1,3 +1,3 @@
 dependencies: []
 digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2023-11-29T02:39:33.120856137Z"
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/ovn/requirements.lock b/charts/ovn/requirements.lock
index 0e9719e..5cfd353 100644
--- a/charts/ovn/requirements.lock
+++ b/charts/ovn/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.56
-digest: sha256:2341734ff37eda298acb943a81ff603ee8edd5cfcbe655dba5943b485b64f9e3
-generated: "2023-11-29T02:39:38.134714677Z"
+digest: sha256:aacff4a999f7d7cc6a011849a6b040e36a8a168af72da9d0db2f00a346974769
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/ovn/requirements.yaml b/charts/ovn/requirements.yaml
index 84f0aff..2590759 100644
--- a/charts/ovn/requirements.yaml
+++ b/charts/ovn/requirements.yaml
@@ -1,18 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
 dependencies:
-  - name: helm-toolkit
-    repository: file://../helm-toolkit
-    version: ">= 0.1.0"
-...
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.56
diff --git a/charts/patches/cinder/0001-tune-uwsgi-config.patch b/charts/patches/cinder/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..c6d1e6a
--- /dev/null
+++ b/charts/patches/cinder/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git b/cinder/values.yaml a/charts/cinder/values.yaml
+index 0c50ec60..12351a60 100644
+--- b/cinder/values.yaml
++++ a/cinder/values.yaml
+@@ -1015,15 +1015,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "cinder-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/cinder-wsgi
diff --git a/charts/patches/designate/0001-tune-uwsgi-config.patch b/charts/patches/designate/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..6493965
--- /dev/null
+++ b/charts/patches/designate/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git b/designate/values.yaml a/charts/designate/values.yaml
+index 80051e75..71694146 100644
+--- b/designate/values.yaml
++++ a/designate/values.yaml
+@@ -532,15 +532,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "designate-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/designate-api-wsgi
diff --git a/charts/patches/glance/0001-tune-uwsgi-config.patch b/charts/patches/glance/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..be37404
--- /dev/null
+++ b/charts/patches/glance/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git b/glance/values.yaml a/charts/glance/values.yaml
+index d2c3f504..85ddf18b 100644
+--- b/glance/values.yaml
++++ a/glance/values.yaml
+@@ -393,15 +393,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "glance-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/glance-wsgi-api
diff --git a/charts/patches/heat/0001-tune-uwsgi-config.patch b/charts/patches/heat/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..7047470
--- /dev/null
+++ b/charts/patches/heat/0001-tune-uwsgi-config.patch
@@ -0,0 +1,46 @@
+diff --git b/heat/values.yaml a/charts/heat/values.yaml
+index c9b8cdd9..1cf8bdc4 100644
+--- b/heat/values.yaml
++++ a/heat/values.yaml
+@@ -494,15 +494,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "heat-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/heat-wsgi-api
+@@ -510,15 +515,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: 4096000
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "heat-api-cfn:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/heat-wsgi-api-cfn
diff --git a/charts/patches/libvirt/0001-use-libvirt-tls-sidecar.patch b/charts/patches/libvirt/0001-use-libvirt-tls-sidecar.patch
new file mode 100644
index 0000000..24b0b3c
--- /dev/null
+++ b/charts/patches/libvirt/0001-use-libvirt-tls-sidecar.patch
@@ -0,0 +1,398 @@
+diff --git b/libvirt/templates/bin/_libvirt.sh.tpl a/charts/libvirt/templates/bin/_libvirt.sh.tpl
+index 0f96c0be..d87a1262 100644
+--- b/libvirt/templates/bin/_libvirt.sh.tpl
++++ a/libvirt/templates/bin/_libvirt.sh.tpl
+@@ -16,31 +16,30 @@ limitations under the License.
+ 
+ set -ex
+ 
+-# NOTE(mnaser): This will move the API certificates into the expected location.
+-if [ -f /tmp/api.crt ]; then
+-  mkdir -p /etc/pki/CA /etc/pki/libvirt/private
+-
+-  cp /tmp/api-ca.crt {{ .Values.conf.libvirt.ca_file }}
+-  cp /tmp/api-ca.crt /etc/pki/qemu/ca-cert.pem
+-
+-  cp /tmp/api.crt {{ .Values.conf.libvirt.cert_file }}
+-  cp /tmp/api.crt /etc/pki/libvirt/clientcert.pem
+-  cp /tmp/api.crt /etc/pki/qemu/server-cert.pem
+-  cp /tmp/api.crt /etc/pki/qemu/client-cert.pem
+-
+-  cp /tmp/api.key {{ .Values.conf.libvirt.key_file }}
+-  cp /tmp/api.key /etc/pki/libvirt/private/clientkey.pem
+-  cp /tmp/api.key /etc/pki/qemu/server-key.pem
+-  cp /tmp/api.key /etc/pki/qemu/client-key.pem
+-fi
++wait_for_file() {
++  local file=$1
+ 
+-# NOTE(mnaser): This will move the VNC certificates into the expected location.
+-if [ -f /tmp/vnc.crt ]; then
+-  mkdir -p /etc/pki/libvirt-vnc
+-  mv /tmp/vnc.key /etc/pki/libvirt-vnc/server-key.pem
+-  mv /tmp/vnc.crt /etc/pki/libvirt-vnc/server-cert.pem
+-  mv /tmp/vnc-ca.crt /etc/pki/libvirt-vnc/ca-cert.pem
+-fi
++  while [ ! -f $file ]; do
++    sleep 1
++  done
++}
++
++wait_for_file {{ .Values.conf.libvirt.ca_file }}
++wait_for_file /etc/pki/qemu/ca-cert.pem
++
++wait_for_file {{ .Values.conf.libvirt.cert_file }}
++wait_for_file /etc/pki/libvirt/clientcert.pem
++wait_for_file /etc/pki/qemu/server-cert.pem
++wait_for_file /etc/pki/qemu/client-cert.pem
++
++wait_for_file {{ .Values.conf.libvirt.key_file }}
++wait_for_file /etc/pki/libvirt/private/clientkey.pem
++wait_for_file /etc/pki/qemu/server-key.pem
++wait_for_file /etc/pki/qemu/client-key.pem
++
++wait_for_file /etc/pki/libvirt-vnc/ca-cert.pem
++wait_for_file /etc/pki/libvirt-vnc/server-cert.pem
++wait_for_file /etc/pki/libvirt-vnc/server-key.pem
+ 
+ # TODO: We disable cgroup functionality for cgroup v2, we should fix this in the future
+ if $(stat -fc %T /sys/fs/cgroup/ | grep -q cgroup2fs); then
+diff --git b/libvirt/templates/bin/_wait-for-libvirt.sh.tpl a/charts/libvirt/templates/bin/_wait-for-libvirt.sh.tpl
+new file mode 100644
+index 00000000..65eca54b
+--- /dev/null
++++ a/libvirt/templates/bin/_wait-for-libvirt.sh.tpl
+@@ -0,0 +1,27 @@
++#!/bin/bash
++
++{{/*
++Copyright (c) 2023 VEXXHOST, Inc.
++
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++   http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/}}
++
++set -xe
++
++# NOTE(mnaser): We use this script in the postStart hook of the libvirt
++#               container to ensure that the libvirt daemon is running
++#               before we start the exporter.
++until virsh list --all; do
++    echo "Waiting for libvirt to be ready..."
++    sleep 1
++done
+diff --git b/libvirt/templates/configmap-bin.yaml a/charts/libvirt/templates/configmap-bin.yaml
+index 9b74179f..99a0c815 100644
+--- b/libvirt/templates/configmap-bin.yaml
++++ a/libvirt/templates/configmap-bin.yaml
+@@ -26,10 +26,8 @@ data:
+ {{- end }}
+   libvirt.sh: |
+ {{ tuple "bin/_libvirt.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+-{{- if or (eq .Values.conf.libvirt.listen_tls "1") (eq .Values.conf.qemu.vnc_tls "1") }}
+-  cert-init.sh: |
+-{{ tpl .Values.scripts.cert_init_sh . | indent 4 }}
+-{{- end }}
++  wait-for-libvirt.sh: |
++{{ tuple "bin/_wait-for-libvirt.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ {{- if .Values.conf.ceph.enabled }}
+   ceph-keyring.sh: |
+ {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+diff --git b/libvirt/templates/daemonset-libvirt.yaml a/charts/libvirt/templates/daemonset-libvirt.yaml
+index 35cd6e14..51b3c1f3 100644
+--- b/libvirt/templates/daemonset-libvirt.yaml
++++ a/libvirt/templates/daemonset-libvirt.yaml
+@@ -32,10 +32,6 @@ exec:
+ {{- $configMapName := index . 1 }}
+ {{- $serviceAccountName := index . 2 }}
+ {{- $envAll := index . 3 }}
+-{{- $ssl_enabled := false }}
+-{{- if eq $envAll.Values.conf.libvirt.listen_tls "1" }}
+-{{- $ssl_enabled = true }}
+-{{- end }}
+ {{- with $envAll }}
+ 
+ {{- $mounts_libvirt := .Values.pod.mounts.libvirt.libvirt }}
+@@ -60,6 +56,7 @@ spec:
+       labels:
+ {{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+       annotations:
++        kubectl.kubernetes.io/default-container: libvirt
+ {{- dict "envAll" $envAll "podName" "libvirt-libvirt-default" "containerNames" (list "libvirt") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+@@ -79,80 +76,6 @@ spec:
+       initContainers:
+ {{ tuple $envAll "pod_dependency" $mounts_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{ dict "envAll" $envAll | include "helm-toolkit.snippets.kubernetes_apparmor_loader_init_container" | indent 8 }}
+-{{- if $ssl_enabled }}
+-        - name: cert-init-api
+-{{ tuple $envAll "kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
+-{{ dict "envAll" $envAll "application" "libvirt" "container" "cert_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+-          command:
+-            - /tmp/cert-init.sh
+-          env:
+-            - name: TYPE
+-              value: api
+-            - name: ISSUER_KIND
+-              value: {{ .Values.issuers.libvirt.kind }}
+-            - name: ISSUER_NAME
+-              value: {{ .Values.issuers.libvirt.name }}
+-            - name: POD_UID
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: metadata.uid
+-            - name: POD_NAME
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: metadata.name
+-            - name: POD_NAMESPACE
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: metadata.namespace
+-            - name: POD_IP
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: status.podIP
+-          volumeMounts:
+-            - name: pod-tmp
+-              mountPath: /tmp
+-            - name: libvirt-bin
+-              mountPath: /tmp/cert-init.sh
+-              subPath: cert-init.sh
+-              readOnly: true
+-{{- end }}
+-{{- if eq .Values.conf.qemu.vnc_tls "1" }}
+-        - name: cert-init-vnc
+-{{ tuple $envAll "kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
+-{{ dict "envAll" $envAll "application" "libvirt" "container" "cert_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+-          command:
+-            - /tmp/cert-init.sh
+-          env:
+-            - name: TYPE
+-              value: vnc
+-            - name: ISSUER_KIND
+-              value: {{ .Values.issuers.vencrypt.kind }}
+-            - name: ISSUER_NAME
+-              value: {{ .Values.issuers.vencrypt.name }}
+-            - name: POD_UID
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: metadata.uid
+-            - name: POD_NAME
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: metadata.name
+-            - name: POD_NAMESPACE
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: metadata.namespace
+-            - name: POD_IP
+-              valueFrom:
+-                fieldRef:
+-                  fieldPath: status.podIP
+-          volumeMounts:
+-            - name: pod-tmp
+-              mountPath: /tmp
+-            - name: libvirt-bin
+-              mountPath: /tmp/cert-init.sh
+-              subPath: cert-init.sh
+-              readOnly: true
+-{{- end }}
+ {{- if .Values.conf.ceph.enabled }}
+         {{- if empty .Values.conf.ceph.cinder.keyring }}
+         - name: ceph-admin-keyring-placement
+@@ -205,6 +128,44 @@ spec:
+               readOnly: true
+ {{- end }}
+       containers:
++        - name: tls-sidecar
++{{ tuple $envAll "libvirt_tls_sidecar" | include "helm-toolkit.snippets.image" | indent 10 }}
++{{ tuple $envAll $envAll.Values.pod.resources.libvirt_tls_sidecar | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt_tls_sidecar" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++          env:
++            - name: API_ISSUER_KIND
++              value: {{ .Values.issuers.libvirt.kind }}
++            - name: API_ISSUER_NAME
++              value: {{ .Values.issuers.libvirt.name }}
++            - name: VNC_ISSUER_KIND
++              value: {{ .Values.issuers.vencrypt.kind }}
++            - name: VNC_ISSUER_NAME
++              value: {{ .Values.issuers.vencrypt.name }}
++            - name: POD_UID
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.uid
++            - name: POD_NAME
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.name
++            - name: POD_NAMESPACE
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.namespace
++            - name: POD_IP
++              valueFrom:
++                fieldRef:
++                  fieldPath: status.podIP
++          volumeMounts:
++            - name: etc-pki-qemu
++              mountPath: /etc/pki/qemu
++            - name: etc-pki-ca
++              mountPath: /etc/pki/CA
++            - name: etc-pki-libvirt
++              mountPath: /etc/pki/libvirt
++            - name: etc-pki-libvirt-vnc
++              mountPath: /etc/pki/libvirt-vnc
+         - name: libvirt
+ {{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.image" | indent 10 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.libvirt | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+@@ -231,6 +192,10 @@ spec:
+           command:
+             - /tmp/libvirt.sh
+           lifecycle:
++            postStart:
++              exec:
++                command:
++                  - /tmp/wait-for-libvirt.sh
+             preStop:
+               exec:
+                 command:
+@@ -239,16 +204,24 @@ spec:
+                   - |-
+                     kill $(cat /var/run/libvirtd.pid)
+           volumeMounts:
+-{{- if $ssl_enabled }}
+             - name: etc-pki-qemu
+               mountPath: /etc/pki/qemu
+-{{- end }}
++            - name: etc-pki-ca
++              mountPath: /etc/pki/CA
++            - name: etc-pki-libvirt
++              mountPath: /etc/pki/libvirt
++            - name: etc-pki-libvirt-vnc
++              mountPath: /etc/pki/libvirt-vnc
+             - name: pod-tmp
+               mountPath: /tmp
+             - name: libvirt-bin
+               mountPath: /tmp/libvirt.sh
+               subPath: libvirt.sh
+               readOnly: true
++            - name: libvirt-bin
++              mountPath: /tmp/wait-for-libvirt.sh
++              subPath: wait-for-libvirt.sh
++              readOnly: true
+             - name: libvirt-etc
+               mountPath: /etc/libvirt/libvirtd.conf
+               subPath: libvirtd.conf
+@@ -328,11 +301,15 @@ spec:
+               {{- end }}
+         {{- end }}
+       volumes:
+-{{- if $ssl_enabled }}
+         - name: etc-pki-qemu
+           hostPath:
+             path: /etc/pki/qemu
+-{{- end }}
++        - name: etc-pki-ca
++          emptyDir: {}
++        - name: etc-pki-libvirt
++          emptyDir: {}
++        - name: etc-pki-libvirt-vnc
++          emptyDir: {}
+         - name: pod-tmp
+           emptyDir: {}
+         - name: libvirt-bin
+diff --git b/libvirt/templates/role-cert-manager.yaml a/charts/libvirt/templates/role-cert-manager.yaml
+index b830690c..c7f7b3cd 100644
+--- b/libvirt/templates/role-cert-manager.yaml
++++ a/libvirt/templates/role-cert-manager.yaml
+@@ -48,7 +48,9 @@ rules:
+       - ""
+     verbs:
+       - get
++      - list
+       - patch
++      - watch
+     resources:
+       - secrets
+-{{- end -}}
+\ No newline at end of file
++{{- end -}}
+diff --git b/libvirt/values.yaml a/charts/libvirt/values.yaml
+index 207b8fbf..4ab23536 100644
+--- b/libvirt/values.yaml
++++ a/libvirt/values.yaml
+@@ -27,6 +27,7 @@ labels:
+ images:
+   tags:
+     libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
++    libvirt_tls_sidecar: ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest
+     libvirt_exporter: vexxhost/libvirtd-exporter:latest
+     ceph_config_helper: 'docker.io/openstackhelm/ceph-config-helper:ubuntu_focal_18.2.0-1-20231013'
+     dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+@@ -271,55 +272,6 @@ dependencies:
+         - endpoint: internal
+           service: local_image_registry
+ 
+-scripts:
+-  # Script is included here (vs in bin/) to allow overriding.
+-  cert_init_sh: |
+-    #!/bin/bash
+-    set -x
+-
+-    HOSTNAME_FQDN=$(hostname --fqdn)
+-
+-    # Script to create certs for each libvirt pod based on pod IP (by default).
+-    cat <<EOF | kubectl apply -f -
+-    apiVersion: cert-manager.io/v1
+-    kind: Certificate
+-    metadata:
+-      name: ${POD_NAME}-${TYPE}
+-      namespace: ${POD_NAMESPACE}
+-      ownerReferences:
+-        - apiVersion: v1
+-          kind: Pod
+-          name: ${POD_NAME}
+-          uid: ${POD_UID}
+-    spec:
+-      secretName: ${POD_NAME}-${TYPE}
+-      commonName: ${POD_IP}
+-      usages:
+-      - client auth
+-      - server auth
+-      dnsNames:
+-      - ${HOSTNAME}
+-      - ${HOSTNAME_FQDN}
+-      ipAddresses:
+-      - ${POD_IP}
+-      issuerRef:
+-        kind: ${ISSUER_KIND}
+-        name: ${ISSUER_NAME}
+-    EOF
+-
+-    kubectl -n ${POD_NAMESPACE} wait --for=condition=Ready --timeout=300s \
+-      certificate/${POD_NAME}-${TYPE}
+-
+-    # NOTE(mnaser): cert-manager does not clean-up the secrets when the certificate
+-    #               is deleted, so we should add an owner reference to the secret
+-    #               to ensure that it is cleaned up when the pod is deleted.
+-    kubectl -n ${POD_NAMESPACE} patch secret ${POD_NAME}-${TYPE} \
+-      --type=json -p='[{"op": "add", "path": "/metadata/ownerReferences", "value": [{"apiVersion": "v1", "kind": "Pod", "name": "'${POD_NAME}'", "uid": "'${POD_UID}'"}]}]'
+-
+-    kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${TYPE}.crt
+-    kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key
+-    kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt
+-
+ manifests:
+   configmap_bin: true
+   configmap_etc: true
diff --git a/charts/patches/magnum/0001-tune-uwsgi-config.patch b/charts/patches/magnum/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..3a0d903
--- /dev/null
+++ b/charts/patches/magnum/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git b/magnum/values.yaml a/charts/magnum/values.yaml
+index 56232eb8..88b4203e 100644
+--- b/magnum/values.yaml
++++ a/magnum/values.yaml
+@@ -161,15 +161,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "magnum-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/magnum-api-wsgi
diff --git a/charts/patches/manila/0001-tune-uwsgi-config.patch b/charts/patches/manila/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..cd87606
--- /dev/null
+++ b/charts/patches/manila/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git b/manila/values.yaml a/charts/manila/values.yaml
+index e54f214c..f820bc1f 100644
+--- b/manila/values.yaml
++++ a/manila/values.yaml
+@@ -806,15 +806,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "manila-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/manila-wsgi
diff --git a/charts/patches/nova/0001-tune-uwsgi-config.patch b/charts/patches/nova/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..eb6e791
--- /dev/null
+++ b/charts/patches/nova/0001-tune-uwsgi-config.patch
@@ -0,0 +1,46 @@
+diff --git b/nova/values.yaml a/charts/nova/values.yaml
+index df2e2ff6..fe02e605 100644
+--- b/nova/values.yaml
++++ a/nova/values.yaml
+@@ -1539,15 +1539,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "nova-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/nova-api-wsgi
+@@ -1555,15 +1560,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: 4096000
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "nova-metadata:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/nova-metadata-wsgi
diff --git a/charts/patches/octavia/0001-tune-uwsgi-config.patch b/charts/patches/octavia/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..209e413
--- /dev/null
+++ b/charts/patches/octavia/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git b/octavia/values.yaml a/charts/octavia/values.yaml
+index 699aa05d..b15114a5 100644
+--- b/octavia/values.yaml
++++ a/octavia/values.yaml
+@@ -336,15 +336,20 @@ conf:
+       processes: 4
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "octavia-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/octavia-wsgi
diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
new file mode 100644
index 0000000..f8dc4c1
--- /dev/null
+++ b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
@@ -0,0 +1,1015 @@
+diff --git b/ovn/templates/bin/_ovn-controller-init.sh.tpl a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
+index 1e61577d..77e1e687 100644
+--- b/ovn/templates/bin/_ovn-controller-init.sh.tpl
++++ a/ovn/templates/bin/_ovn-controller-init.sh.tpl
+@@ -14,6 +14,8 @@
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ 
++ANNOTATION_KEY="atmosphere.cloud/ovn-system-id"
++
+ function get_ip_address_from_interface {
+   local interface=$1
+   local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
+@@ -75,6 +77,19 @@ function migrate_ip_from_nic {
+   set -e
+ }
+ 
++function get_current_system_id {
++  ovs-vsctl --if-exists get Open_vSwitch . external_ids:system-id | tr -d '"'
++}
++
++function get_stored_system_id {
++  kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.atmosphere\.cloud/ovn-system-id}"
++}
++
++function store_system_id() {
++  local system_id=$1
++  kubectl annotate node "$NODE_NAME" "$ANNOTATION_KEY=$system_id"
++}
++
+ # Detect tunnel interface
+ tunnel_interface="{{- .Values.network.interface.tunnel -}}"
+ if [ -z "${tunnel_interface}" ] ; then
+@@ -89,13 +104,25 @@ if [ -z "${tunnel_interface}" ] ; then
+ fi
+ ovs-vsctl set open . external_ids:ovn-encap-ip="$(get_ip_address_from_interface ${tunnel_interface})"
+ 
+-# Configure system ID
+-set +e
+-ovs-vsctl get open . external-ids:system-id
+-if [ $? -eq 1 ]; then
+-  ovs-vsctl set open . external-ids:system-id="$(uuidgen)"
++# Get the stored system-id from the Kubernetes node annotation
++stored_system_id=$(get_stored_system_id)
++
++# Get the current system-id set in OVS
++current_system_id=$(get_current_system_id)
++
++if [ -n "$stored_system_id" ] && [ "$stored_system_id" != "$current_system_id" ]; then
++  # If the annotation exists and does not match the current system-id, set the system-id to the stored one
++  ovs-vsctl set Open_vSwitch . external_ids:system-id="$stored_system_id"
++elif [ -z "$current_system_id" ]; then
++  # If no current system-id is set, generate a new one
++  current_system_id=$(uuidgen)
++  ovs-vsctl set Open_vSwitch . external_ids:system-id="$current_system_id"
++  # Store the new system-id in the Kubernetes node annotation
++  store_system_id "$current_system_id"
++elif [ -z "$stored_system_id" ]; then
++  # If there is no stored system-id, store the current one
++  store_system_id "$current_system_id"
+ fi
+-set -e
+ 
+ # Configure OVN remote
+ {{- if empty .Values.conf.ovn_remote -}}
+@@ -118,6 +145,9 @@ ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type
+ ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
+ ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
+ ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
++{{ if .Values.conf.ovn_bridge_datapath_type -}}
++ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
++{{- end }}
+ 
+ # Configure hostname
+ {{- if .Values.conf.use_fqdn.compute }}
+diff --git b/ovn/templates/clusterrole-controller.yaml a/charts/ovn/templates/clusterrole-controller.yaml
+new file mode 100644
+index 00000000..8291f65a
+--- /dev/null
++++ a/ovn/templates/clusterrole-controller.yaml
+@@ -0,0 +1,12 @@
++apiVersion: rbac.authorization.k8s.io/v1
++kind: ClusterRole
++metadata:
++  name: ovn-controller
++rules:
++- apiGroups:
++  - ""
++  resources:
++  - nodes
++  verbs:
++  - get
++  - patch
+diff --git b/ovn/templates/clusterrolebinding-controller.yaml a/charts/ovn/templates/clusterrolebinding-controller.yaml
+new file mode 100644
+index 00000000..c95ef5e9
+--- /dev/null
++++ a/ovn/templates/clusterrolebinding-controller.yaml
+@@ -0,0 +1,15 @@
++apiVersion: rbac.authorization.k8s.io/v1
++kind: ClusterRoleBinding
++metadata:
++  name: ovn-controller
++roleRef:
++  apiGroup: rbac.authorization.k8s.io
++  kind: ClusterRole
++  name: ovn-controller
++subjects:
++- kind: ServiceAccount
++  name: ovn-controller
++  namespace: {{ .Release.Namespace }}
++- kind: ServiceAccount
++  name: ovn-controller-gw
++  namespace: {{ .Release.Namespace }}
+diff --git b/ovn/templates/configmap-bin.yaml a/charts/ovn/templates/configmap-bin.yaml
+index a849dd8a..82001f99 100644
+--- b/ovn/templates/configmap-bin.yaml
++++ a/ovn/templates/configmap-bin.yaml
+@@ -24,12 +24,6 @@ data:
+   image-repo-sync.sh: |
+ {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
+ {{- end }}
+-  ovsdb-server.sh: |
+-{{ tuple "bin/_ovsdb-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+-  ovn-northd.sh: |
+-{{ tuple "bin/_ovn-northd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+   ovn-controller-init.sh: |
+ {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+-  ovn-controller.sh: |
+-{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ {{- end }}
+diff --git b/ovn/templates/daemonset-controller-gw.yaml a/charts/ovn/templates/daemonset-controller-gw.yaml
+index 6307bbab..eb309c5e 100644
+--- b/ovn/templates/daemonset-controller-gw.yaml
++++ a/ovn/templates/daemonset-controller-gw.yaml
+@@ -12,6 +12,15 @@ See the License for the specific language governing permissions and
+ limitations under the License.
+ */}}
+ 
++{{- define "controllerGatewayReadinessProbeTemplate" }}
++exec:
++  command:
++    - /usr/bin/ovn-kube-util
++    - readiness-probe
++    - -t
++    - ovn-controller
++{{- end }}
++
+ {{- if .Values.manifests.daemonset_ovn_controller_gw }}
+ {{- $envAll := . }}
+ 
+@@ -59,6 +68,10 @@ spec:
+           env:
+             - name: OVN_CMS_OPTIONS
+               value: {{ .Values.conf.gw_ovn_cms_options | quote }}
++            - name: NODE_NAME
++              valueFrom:
++                fieldRef:
++                  fieldPath: spec.nodeName
+           volumeMounts:
+             - name: ovn-bin
+               mountPath: /tmp/ovn-controller-init.sh
+@@ -72,25 +85,33 @@ spec:
+               readOnly: true
+       containers:
+         - name: controller
++          command:
++            - /root/ovnkube.sh
++            - ovn-controller
+ {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+-          command:
+-            - /tmp/ovn-controller.sh
+-            - start
+-          lifecycle:
+-            preStop:
+-              exec:
+-                command:
+-                  - /tmp/ovn-controller.sh
+-                  - stop
++{{ dict "envAll" . "component" "ovn_controller_gw" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerGatewayReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
++          env:
++            - name: OVN_DAEMONSET_VERSION
++              value: "3"
++            - name: OVN_LOGLEVEL_CONTROLLER
++              value: "-vconsole:info -vfile:info"
++            - name: OVN_KUBERNETES_NAMESPACE
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.namespace
++            - name: OVN_KUBERNETES_NB_STATEFULSET
++              value: ovn-ovsdb-nb
++            - name: OVN_KUBERNETES_SB_STATEFULSET
++              value: ovn-ovsdb-sb
++            - name: OVN_SSL_ENABLE
++              value: "no"
+           volumeMounts:
+-            - name: ovn-bin
+-              mountPath: /tmp/ovn-controller.sh
+-              subPath: ovn-controller.sh
+-              readOnly: true
+             - name: run-openvswitch
+-              mountPath: /run/openvswitch
++              mountPath: /var/run/ovn
++            - name: run-openvswitch
++              mountPath: /var/run/openvswitch
+       volumes:
+         - name: ovn-bin
+           configMap:
+diff --git b/ovn/templates/daemonset-controller.yaml a/charts/ovn/templates/daemonset-controller.yaml
+index 85daf70b..b6b0b048 100644
+--- b/ovn/templates/daemonset-controller.yaml
++++ a/ovn/templates/daemonset-controller.yaml
+@@ -12,6 +12,15 @@ See the License for the specific language governing permissions and
+ limitations under the License.
+ */}}
+ 
++{{- define "controllerReadinessProbeTemplate" }}
++exec:
++  command:
++    - /usr/bin/ovn-kube-util
++    - readiness-probe
++    - -t
++    - ovn-controller
++{{- end }}
++
+ {{- if .Values.manifests.daemonset_ovn_controller }}
+ {{- $envAll := . }}
+ 
+@@ -59,6 +68,10 @@ spec:
+           env:
+             - name: OVN_CMS_OPTIONS
+               value: {{ .Values.conf.ovn_cms_options | quote }}
++            - name: NODE_NAME
++              valueFrom:
++                fieldRef:
++                  fieldPath: spec.nodeName
+           volumeMounts:
+             - name: ovn-bin
+               mountPath: /tmp/ovn-controller-init.sh
+@@ -72,25 +85,33 @@ spec:
+               readOnly: true
+       containers:
+         - name: controller
++          command:
++            - /root/ovnkube.sh
++            - ovn-controller
+ {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+-          command:
+-            - /tmp/ovn-controller.sh
+-            - start
+-          lifecycle:
+-            preStop:
+-              exec:
+-                command:
+-                  - /tmp/ovn-controller.sh
+-                  - stop
++{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
++          env:
++            - name: OVN_DAEMONSET_VERSION
++              value: "3"
++            - name: OVN_LOGLEVEL_CONTROLLER
++              value: "-vconsole:info -vfile:info"
++            - name: OVN_KUBERNETES_NAMESPACE
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.namespace
++            - name: OVN_KUBERNETES_NB_STATEFULSET
++              value: ovn-ovsdb-nb
++            - name: OVN_KUBERNETES_SB_STATEFULSET
++              value: ovn-ovsdb-sb
++            - name: OVN_SSL_ENABLE
++              value: "no"
+           volumeMounts:
+-            - name: ovn-bin
+-              mountPath: /tmp/ovn-controller.sh
+-              subPath: ovn-controller.sh
+-              readOnly: true
+             - name: run-openvswitch
+-              mountPath: /run/openvswitch
++              mountPath: /var/run/ovn
++            - name: run-openvswitch
++              mountPath: /var/run/openvswitch
+       volumes:
+         - name: ovn-bin
+           configMap:
+diff --git b/ovn/templates/deployment-northd.yaml a/charts/ovn/templates/deployment-northd.yaml
+index e3afdd05..ae31b357 100644
+--- b/ovn/templates/deployment-northd.yaml
++++ a/ovn/templates/deployment-northd.yaml
+@@ -12,18 +12,13 @@ See the License for the specific language governing permissions and
+ limitations under the License.
+ */}}
+ 
+-{{- define "livenessProbeTemplate" }}
++{{- define "northdReadinessProbeTemplate" }}
+ exec:
+   command:
+-    - /tmp/ovn-northd.sh
+-    - liveness
+-{{- end }}
+-
+-{{- define "readinessProbeTemplate" }}
+-exec:
+-  command:
+-    - /tmp/ovn-northd.sh
+-    - readiness
++    - /usr/bin/ovn-kube-util
++    - readiness-probe
++    - -t
++    - ovn-northd
+ {{- end }}
+ 
+ {{- if .Values.manifests.deployment_northd }}
+@@ -60,28 +55,26 @@ spec:
+ {{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+       containers:
+         - name: northd
++          command:
++            - /root/ovnkube.sh
++            - run-ovn-northd
+ {{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+-{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+-{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+-          command:
+-            - /tmp/ovn-northd.sh
+-            - start
+-          lifecycle:
+-            preStop:
+-              exec:
+-                command:
+-                  - /tmp/ovn-northd.sh
+-                  - stop
+-          volumeMounts:
+-            - name: ovn-bin
+-              mountPath: /tmp/ovn-northd.sh
+-              subPath: ovn-northd.sh
+-              readOnly: true
+-      volumes:
+-        - name: ovn-bin
+-          configMap:
+-            name: ovn-bin
+-            defaultMode: 0555
++{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
++          env:
++            - name: OVN_DAEMONSET_VERSION
++              value: "3"
++            - name: OVN_LOGLEVEL_NORTHD
++              value: "-vconsole:info -vfile:info"
++            - name: OVN_KUBERNETES_NAMESPACE
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.namespace
++            - name: OVN_KUBERNETES_NB_STATEFULSET
++              value: ovn-ovsdb-nb
++            - name: OVN_KUBERNETES_SB_STATEFULSET
++              value: ovn-ovsdb-sb
++            - name: OVN_SSL_ENABLE
++              value: "no"
+ {{- end }}
+diff --git b/ovn/templates/role-controller.yaml a/charts/ovn/templates/role-controller.yaml
+new file mode 100644
+index 00000000..de3cfa6d
+--- /dev/null
++++ a/ovn/templates/role-controller.yaml
+@@ -0,0 +1,11 @@
++apiVersion: rbac.authorization.k8s.io/v1
++kind: Role
++metadata:
++  name: ovn-controller
++rules:
++- apiGroups:
++  - discovery.k8s.io
++  resources:
++  - endpointslices
++  verbs:
++  - list
+diff --git b/ovn/templates/role-northd.yaml a/charts/ovn/templates/role-northd.yaml
+new file mode 100644
+index 00000000..ca02fae6
+--- /dev/null
++++ a/ovn/templates/role-northd.yaml
+@@ -0,0 +1,11 @@
++apiVersion: rbac.authorization.k8s.io/v1
++kind: Role
++metadata:
++  name: ovn-northd
++rules:
++- apiGroups:
++  - discovery.k8s.io
++  resources:
++  - endpointslices
++  verbs:
++  - list
+diff --git b/ovn/templates/role-ovsdb.yaml a/charts/ovn/templates/role-ovsdb.yaml
+new file mode 100644
+index 00000000..10e0e239
+--- /dev/null
++++ a/ovn/templates/role-ovsdb.yaml
+@@ -0,0 +1,19 @@
++apiVersion: rbac.authorization.k8s.io/v1
++kind: Role
++metadata:
++  name: ovn-ovsdb
++rules:
++- apiGroups:
++  - "apps"
++  resources:
++  - statefulsets
++  verbs:
++  - get
++- apiGroups:
++  - ""
++  resources:
++  - pods
++  - endpoints
++  verbs:
++  - list
++  - get
+diff --git b/ovn/templates/rolebinding-controller.yaml a/charts/ovn/templates/rolebinding-controller.yaml
+new file mode 100644
+index 00000000..7973c7e2
+--- /dev/null
++++ a/ovn/templates/rolebinding-controller.yaml
+@@ -0,0 +1,13 @@
++apiVersion: rbac.authorization.k8s.io/v1
++kind: RoleBinding
++metadata:
++  name: ovn-controller
++roleRef:
++  apiGroup: rbac.authorization.k8s.io
++  kind: Role
++  name: ovn-controller
++subjects:
++- kind: ServiceAccount
++  name: ovn-controller
++- kind: ServiceAccount
++  name: ovn-controller-gw
+diff --git b/ovn/templates/rolebinding-northd.yaml a/charts/ovn/templates/rolebinding-northd.yaml
+new file mode 100644
+index 00000000..428a4707
+--- /dev/null
++++ a/ovn/templates/rolebinding-northd.yaml
+@@ -0,0 +1,11 @@
++apiVersion: rbac.authorization.k8s.io/v1
++kind: RoleBinding
++metadata:
++  name: ovn-northd
++roleRef:
++  apiGroup: rbac.authorization.k8s.io
++  kind: Role
++  name: ovn-northd
++subjects:
++- kind: ServiceAccount
++  name: ovn-northd
+diff --git b/ovn/templates/rolebinding-ovsdb.yaml a/charts/ovn/templates/rolebinding-ovsdb.yaml
+new file mode 100644
+index 00000000..f32382bc
+--- /dev/null
++++ a/ovn/templates/rolebinding-ovsdb.yaml
+@@ -0,0 +1,13 @@
++apiVersion: rbac.authorization.k8s.io/v1
++kind: RoleBinding
++metadata:
++  name: ovn-ovsdb
++roleRef:
++  apiGroup: rbac.authorization.k8s.io
++  kind: Role
++  name: ovn-ovsdb
++subjects:
++- kind: ServiceAccount
++  name: ovn-ovsdb-nb
++- kind: ServiceAccount
++  name: ovn-ovsdb-sb
+diff --git b/ovn/templates/service-ovsdb-nb.yaml a/charts/ovn/templates/service-ovsdb-nb.yaml
+index b93da9b8..56f7cd09 100644
+--- b/ovn/templates/service-ovsdb-nb.yaml
++++ a/ovn/templates/service-ovsdb-nb.yaml
+@@ -20,6 +20,7 @@ kind: Service
+ metadata:
+   name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+ spec:
++  publishNotReadyAddresses: true
+   ports:
+     - name: ovsdb
+       port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+diff --git b/ovn/templates/service-ovsdb-sb.yaml a/charts/ovn/templates/service-ovsdb-sb.yaml
+index 70f62c6e..4a6b5864 100644
+--- b/ovn/templates/service-ovsdb-sb.yaml
++++ a/ovn/templates/service-ovsdb-sb.yaml
+@@ -20,6 +20,7 @@ kind: Service
+ metadata:
+   name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+ spec:
++  publishNotReadyAddresses: true
+   ports:
+     - name: ovsdb
+       port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+diff --git b/ovn/templates/statefulset-ovsdb-nb.yaml a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+index c8198279..4866074e 100644
+--- b/ovn/templates/statefulset-ovsdb-nb.yaml
++++ a/ovn/templates/statefulset-ovsdb-nb.yaml
+@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
+ limitations under the License.
+ */}}
+ 
++{{- define "ovnnbReadinessProbeTemplate" }}
++exec:
++  command:
++    - /usr/bin/ovn-kube-util
++    - readiness-probe
++    - -t
++{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
++    - ovnnb-db-raft
++{{- else }}
++    - ovnnb-db
++{{- end }}
++{{- end }}
++
+ {{- if .Values.manifests.statefulset_ovn_ovsdb_nb }}
+ {{- $envAll := . }}
+ 
+@@ -28,6 +41,7 @@ metadata:
+ {{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ spec:
+   serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
++  podManagementPolicy: Parallel
+   replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
+   selector:
+     matchLabels:
+@@ -49,41 +63,54 @@ spec:
+ {{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+       containers:
+         - name: ovsdb
++          command:
++            - /root/ovnkube.sh
++{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
++            - nb-ovsdb-raft
++{{- else }}
++            - nb-ovsdb
++{{- end }}
+ {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+           ports:
+             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+           env:
+-            - name: OVS_DATABASE
+-              value: nb
+-            - name: OVS_PORT
++            - name: OVN_DAEMONSET_VERSION
++              value: "3"
++            - name: OVN_LOGLEVEL_NB
++              value: "-vconsole:info -vfile:info"
++            - name: OVN_KUBERNETES_NAMESPACE
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.namespace
++            - name: OVN_KUBERNETES_STATEFULSET
++              value: ovn-ovsdb-nb
++            - name: POD_NAME
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.name
++            - name: OVN_SSL_ENABLE
++              value: "no"
++            - name: ENABLE_IPSEC
++              value: "false"
++            - name: OVN_NB_RAFT_ELECTION_TIMER
++              value: "1000"
++            - name: OVN_NB_PORT
+               value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+-          command:
+-            - /tmp/ovsdb-server.sh
+-            - start
+-          lifecycle:
+-            preStop:
+-              exec:
+-                command:
+-                  - /tmp/ovsdb-server.sh
+-                  - stop
++            - name: OVN_NB_RAFT_PORT
++              value: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+           volumeMounts:
+-            - name: ovn-bin
+-              mountPath: /tmp/ovsdb-server.sh
+-              subPath: ovsdb-server.sh
+-              readOnly: true
+             - name: run-openvswitch
+-              mountPath: /run/openvswitch
++              mountPath: /var/run/openvswitch
++            - name: run-openvswitch
++              mountPath: /var/run/ovn
+             - name: data
+-              mountPath: {{ $envAll.Values.volume.ovn_ovsdb_nb.path }}
++              mountPath: /etc/ovn
+       volumes:
+         - name: run-openvswitch
+           emptyDir: {}
+-        - name: ovn-bin
+-          configMap:
+-            name: ovn-bin
+-            defaultMode: 0555
+ {{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
+         - name: data
+           emptyDir: {}
+diff --git b/ovn/templates/statefulset-ovsdb-sb.yaml a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+index 916ef94d..92af96de 100644
+--- b/ovn/templates/statefulset-ovsdb-sb.yaml
++++ a/ovn/templates/statefulset-ovsdb-sb.yaml
+@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
+ limitations under the License.
+ */}}
+ 
++{{- define "ovnsbReadinessProbeTemplate" }}
++exec:
++  command:
++    - /usr/bin/ovn-kube-util
++    - readiness-probe
++    - -t
++{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
++    - ovnsb-db-raft
++{{- else }}
++    - ovnsb-db
++{{- end }}
++{{- end }}
++
+ {{- if .Values.manifests.statefulset_ovn_ovsdb_sb }}
+ {{- $envAll := . }}
+ 
+@@ -28,6 +41,7 @@ metadata:
+ {{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ spec:
+   serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
++  podManagementPolicy: Parallel
+   replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
+   selector:
+     matchLabels:
+@@ -49,41 +63,54 @@ spec:
+ {{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+       containers:
+         - name: ovsdb
++          command:
++            - /root/ovnkube.sh
++{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
++            - sb-ovsdb-raft
++{{- else }}
++            - sb-ovsdb
++{{- end }}
+ {{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+           ports:
+             - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+             - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+           env:
+-            - name: OVS_DATABASE
+-              value: sb
+-            - name: OVS_PORT
++            - name: OVN_DAEMONSET_VERSION
++              value: "3"
++            - name: OVN_LOGLEVEL_SB
++              value: "-vconsole:info -vfile:info"
++            - name: OVN_KUBERNETES_NAMESPACE
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.namespace
++            - name: OVN_KUBERNETES_STATEFULSET
++              value: ovn-ovsdb-sb
++            - name: POD_NAME
++              valueFrom:
++                fieldRef:
++                  fieldPath: metadata.name
++            - name: OVN_SSL_ENABLE
++              value: "no"
++            - name: ENABLE_IPSEC
++              value: "false"
++            - name: OVN_SB_RAFT_ELECTION_TIMER
++              value: "1000"
++            - name: OVN_SB_PORT
+               value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+-          command:
+-            - /tmp/ovsdb-server.sh
+-            - start
+-          lifecycle:
+-            preStop:
+-              exec:
+-                command:
+-                  - /tmp/ovsdb-server.sh
+-                  - stop
++            - name: OVN_SB_RAFT_PORT
++              value: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+           volumeMounts:
+-            - name: ovn-bin
+-              mountPath: /tmp/ovsdb-server.sh
+-              subPath: ovsdb-server.sh
+-              readOnly: true
+             - name: run-openvswitch
+-              mountPath: /run/openvswitch
++              mountPath: /var/run/openvswitch
++            - name: run-openvswitch
++              mountPath: /var/run/ovn
+             - name: data
+-              mountPath: {{ $envAll.Values.volume.ovn_ovsdb_sb.path }}
++              mountPath: /etc/ovn
+       volumes:
+         - name: run-openvswitch
+           emptyDir: {}
+-        - name: ovn-bin
+-          configMap:
+-            name: ovn-bin
+-            defaultMode: 0555
+ {{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
+         - name: data
+           emptyDir: {}
+@@ -93,10 +120,10 @@ spec:
+         name: data
+       spec:
+         accessModes: ["ReadWriteOnce"]
++        storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
+         resources:
+           requests:
+             storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }}
+-        storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
+ {{- end }}
+ 
+ {{- end }}
+diff --git b/ovn/values.yaml a/charts/ovn/values.yaml
+index 518dd71e..214dd16f 100644
+--- b/ovn/values.yaml
++++ a/ovn/values.yaml
+@@ -52,12 +52,10 @@ labels:
+ 
+ volume:
+   ovn_ovsdb_nb:
+-    path: /var/lib/ovn
+     enabled: true
+     class_name: general
+     size: 5Gi
+   ovn_ovsdb_sb:
+-    path: /var/lib/ovn
+     enabled: true
+     class_name: general
+     size: 5Gi
+@@ -76,6 +74,8 @@ conf:
+   ovn_encap_type: geneve
+   ovn_bridge: br-int
+   ovn_bridge_mappings: external:br-ex
++  # For DPDK enabled environments, enable netdev datapath type for br-int
++  # ovn_bridge_datapath_type: netdev
+ 
+   # auto_bridge_add:
+   #   br-private: eth0
+@@ -138,13 +138,41 @@ pod:
+         readiness:
+           enabled: true
+           params:
+-            initialDelaySeconds: 5
+-            timeoutSeconds: 10
+-        liveness:
++            initialDelaySeconds: 30
++            timeoutSeconds: 30
++            periodSeconds: 60
++    ovn_ovsdb_nb:
++      ovsdb:
++        readiness:
++          enabled: true
++          params:
++            initialDelaySeconds: 30
++            timeoutSeconds: 30
++            periodSeconds: 60
++    ovn_ovsdb_sb:
++      ovsdb:
++        readiness:
++          enabled: true
++          params:
++            initialDelaySeconds: 30
++            timeoutSeconds: 30
++            periodSeconds: 60
++    ovn_controller:
++      controller:
++        readiness:
++          enabled: true
++          params:
++            initialDelaySeconds: 30
++            timeoutSeconds: 30
++            periodSeconds: 60
++    ovn_controller_gw:
++      controller:
++        readiness:
+           enabled: true
+           params:
+-            initialDelaySeconds: 5
+-            timeoutSeconds: 10
++            initialDelaySeconds: 30
++            timeoutSeconds: 30
++            periodSeconds: 60
+   dns_policy: "ClusterFirstWithHostNet"
+   replicas:
+     ovn_ovsdb_nb: 1
+@@ -179,18 +207,18 @@ pod:
+     ovs:
+       ovn_ovsdb_nb:
+         requests:
+-          memory: "128Mi"
++          memory: "384Mi"
+           cpu: "100m"
+         limits:
+           memory: "1024Mi"
+-          cpu: "2000m"
++          cpu: "1000m"
+       ovn_ovsdb_sb:
+         requests:
+-          memory: "128Mi"
++          memory: "384Mi"
+           cpu: "100m"
+         limits:
+           memory: "1024Mi"
+-          cpu: "2000m"
++          cpu: "1000m"
+       ovn_northd:
+         requests:
+           memory: "128Mi"
+diff --git b/ovn/templates/bin/_ovn-controller.sh.tpl a/charts/ovn/templates/bin/_ovn-controller.sh.tpl
+deleted file mode 100644
+index ecb659d2..00000000
+--- b/ovn/templates/bin/_ovn-controller.sh.tpl
++++ /dev/null
+@@ -1,39 +0,0 @@
+-#!/bin/bash -xe
+-
+-# Copyright 2023 VEXXHOST, Inc.
+-#
+-# Licensed under the Apache License, Version 2.0 (the "License");
+-# you may not use this file except in compliance with the License.
+-# You may obtain a copy of the License at
+-#
+-#    http://www.apache.org/licenses/LICENSE-2.0
+-#
+-# Unless required by applicable law or agreed to in writing, software
+-# distributed under the License is distributed on an "AS IS" BASIS,
+-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-# See the License for the specific language governing permissions and
+-# limitations under the License.
+-
+-COMMAND="${@:-start}"
+-
+-function start () {
+-  /usr/share/ovn/scripts/ovn-ctl start_controller \
+-    --ovn-manage-ovsdb=no
+-
+-  tail --follow=name /var/log/ovn/ovn-controller.log
+-}
+-
+-function stop () {
+-  /usr/share/ovn/scripts/ovn-ctl stop_controller
+-  pkill tail
+-}
+-
+-function liveness () {
+-  ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
+-}
+-
+-function readiness () {
+-  ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
+-}
+-
+-$COMMAND
+diff --git b/ovn/templates/bin/_ovn-northd.sh.tpl a/charts/ovn/templates/bin/_ovn-northd.sh.tpl
+deleted file mode 100644
+index fefd793c..00000000
+--- b/ovn/templates/bin/_ovn-northd.sh.tpl
++++ /dev/null
+@@ -1,57 +0,0 @@
+-#!/bin/bash -xe
+-
+-# Copyright 2023 VEXXHOST, Inc.
+-#
+-# Licensed under the Apache License, Version 2.0 (the "License");
+-# you may not use this file except in compliance with the License.
+-# You may obtain a copy of the License at
+-#
+-#    http://www.apache.org/licenses/LICENSE-2.0
+-#
+-# Unless required by applicable law or agreed to in writing, software
+-# distributed under the License is distributed on an "AS IS" BASIS,
+-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-# See the License for the specific language governing permissions and
+-# limitations under the License.
+-
+-COMMAND="${@:-start}"
+-
+-{{- $nb_svc_name := "ovn-ovsdb-nb" -}}
+-{{- $nb_svc := (tuple $nb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
+-{{- $nb_port := (tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
+-{{- $nb_service_list := list -}}
+-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_nb | int) -}}
+-  {{- $nb_service_list = printf "tcp:%s-%d.%s:%s" $nb_svc_name $i $nb_svc $nb_port | append $nb_service_list -}}
+-{{- end -}}
+-
+-{{- $sb_svc_name := "ovn-ovsdb-sb" -}}
+-{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
+-{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
+-{{- $sb_service_list := list -}}
+-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}}
+-  {{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}}
+-{{- end }}
+-
+-function start () {
+-  /usr/share/ovn/scripts/ovn-ctl start_northd \
+-    --ovn-manage-ovsdb=no \
+-    --ovn-northd-nb-db={{ include "helm-toolkit.utils.joinListWithComma" $nb_service_list }} \
+-    --ovn-northd-sb-db={{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }}
+-
+-  tail --follow=name /var/log/ovn/ovn-northd.log
+-}
+-
+-function stop () {
+-  /usr/share/ovn/scripts/ovn-ctl stop_northd
+-  pkill tail
+-}
+-
+-function liveness () {
+-  ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
+-}
+-
+-function readiness () {
+-  ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
+-}
+-
+-$COMMAND
+diff --git b/ovn/templates/bin/_ovsdb-server.sh.tpl a/charts/ovn/templates/bin/_ovsdb-server.sh.tpl
+deleted file mode 100644
+index e023505b..00000000
+--- b/ovn/templates/bin/_ovsdb-server.sh.tpl
++++ /dev/null
+@@ -1,72 +0,0 @@
+-#!/bin/bash -xe
+-
+-# Copyright 2023 VEXXHOST, Inc.
+-#
+-# Licensed under the Apache License, Version 2.0 (the "License");
+-# you may not use this file except in compliance with the License.
+-# You may obtain a copy of the License at
+-#
+-#    http://www.apache.org/licenses/LICENSE-2.0
+-#
+-# Unless required by applicable law or agreed to in writing, software
+-# distributed under the License is distributed on an "AS IS" BASIS,
+-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-# See the License for the specific language governing permissions and
+-# limitations under the License.
+-
+-COMMAND="${@:-start}"
+-
+-OVSDB_HOST=$(hostname -f)
+-ARGS=(
+-  --db-${OVS_DATABASE}-create-insecure-remote=yes
+-  --db-${OVS_DATABASE}-cluster-local-proto=tcp
+-  --db-${OVS_DATABASE}-cluster-local-addr=$(hostname -f)
+-)
+-
+-if [[ ! $HOSTNAME == *-0 && $OVSDB_HOST =~ (.+)-([0-9]+)\. ]]; then
+-  OVSDB_BOOTSTRAP_HOST="${BASH_REMATCH[1]}-0.${OVSDB_HOST#*.}"
+-
+-  ARGS+=(
+-    --db-${OVS_DATABASE}-cluster-remote-proto=tcp
+-    --db-${OVS_DATABASE}-cluster-remote-addr=${OVSDB_BOOTSTRAP_HOST}
+-  )
+-fi
+-
+-function start () {
+-  /usr/share/ovn/scripts/ovn-ctl start_${OVS_DATABASE}_ovsdb ${ARGS[@]}
+-
+-  tail --follow=name /var/log/ovn/ovsdb-server-${OVS_DATABASE}.log
+-}
+-
+-function stop () {
+-  /usr/share/ovn/scripts/ovn-ctl stop_${OVS_DATABASE}_ovsdb
+-  pkill tail
+-}
+-
+-function liveness () {
+-  if [[ $OVS_DATABASE == "nb" ]]; then
+-    OVN_DATABASE="Northbound"
+-  elif [[ $OVS_DATABASE == "sb" ]]; then
+-    OVN_DATABASE="Southbound"
+-  else
+-    echo "OVS_DATABASE must be nb or sb"
+-    exit 1
+-  fi
+-
+-  ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
+-}
+-
+-function readiness () {
+-  if [[ $OVS_DATABASE == "nb" ]]; then
+-    OVN_DATABASE="Northbound"
+-  elif [[ $OVS_DATABASE == "sb" ]]; then
+-    OVN_DATABASE="Southbound"
+-  else
+-    echo "OVS_DATABASE must be nb or sb"
+-    exit 1
+-  fi
+-
+-  ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
+-}
+-
+-$COMMAND
diff --git a/charts/patches/placement/0001-tune-uwsgi-config.patch b/charts/patches/placement/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..7a1597f
--- /dev/null
+++ b/charts/patches/placement/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git b/placement/values.yaml a/charts/placement/values.yaml
+index 2f4b3539..c5752676 100644
+--- b/placement/values.yaml
++++ a/placement/values.yaml
+@@ -141,15 +141,20 @@ conf:
+       processes: 4
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "placement-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/placement-api
diff --git a/charts/patches/senlin/0001-tune-uwsgi-config.patch b/charts/patches/senlin/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..0c96c34
--- /dev/null
+++ b/charts/patches/senlin/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git b/senlin/values.yaml a/charts/senlin/values.yaml
+index d4f72483..5631c58b 100644
+--- b/senlin/values.yaml
++++ a/senlin/values.yaml
+@@ -208,15 +215,20 @@ conf:
+     uwsgi:
+       add-header: "Connection: close"
+       buffer-size: 65535
++      chunked-input-limit: "4096000"
+       die-on-term: true
+       enable-threads: true
+       exit-on-reload: false
+       hook-master-start: unix_signal:15 gracefully_kill_them_all
++      http-auto-chunked: true
++      http-raw-body: true
+       lazy-apps: true
+       log-x-forwarded-for: true
+       master: true
++      need-app: true
+       procname-prefix-spaced: "senlin-api:"
+       route-user-agent: '^kube-probe.* donotlog:'
++      socket-timeout: 10
+       thunder-lock: true
+       worker-reload-mercy: 80
+       wsgi-file: /var/lib/openstack/bin/senlin-wsgi-api
diff --git a/charts/patches/tempest/0001-mount-results-locally.patch b/charts/patches/tempest/0001-mount-results-locally.patch
new file mode 100644
index 0000000..db1ab3a
--- /dev/null
+++ b/charts/patches/tempest/0001-mount-results-locally.patch
@@ -0,0 +1,23 @@
+diff --git b/tempest/templates/job-run-tests.yaml a/charts/tempest/templates/job-run-tests.yaml
+index fc375235..fa1c3618 100644
+--- b/tempest/templates/job-run-tests.yaml
++++ a/tempest/templates/job-run-tests.yaml
+@@ -97,6 +97,8 @@ spec:
+               subPath: test-whitelist
+               readOnly: true
+ {{- end }}
++            - name: stestr
++              mountPath: /.stestr
+             - name: tempest-reports
+               mountPath: /var/lib/tempest/data
+ {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.identity.api.internal "path" "/etc/tempest/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+@@ -113,6 +115,9 @@ spec:
+           configMap:
+             name: tempest-bin
+             defaultMode: 0555
++        - name: stestr
++          hostPath:
++            path: /tmp/stestr
+         - name: tempest-reports
+         {{- if not .Values.pvc.enabled }}
+           emptyDir: {}
diff --git a/charts/placement/charts/helm-toolkit/requirements.lock b/charts/placement/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/placement/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/placement/requirements.lock b/charts/placement/requirements.lock
index 1984052..e346dde 100644
--- a/charts/placement/requirements.lock
+++ b/charts/placement/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:15:04.838002001Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/placement/requirements.yaml b/charts/placement/requirements.yaml
index 639dab0..6ab539f 100644
--- a/charts/placement/requirements.yaml
+++ b/charts/placement/requirements.yaml
@@ -1,18 +1,4 @@
-# Copyright 2019 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/senlin/charts/helm-toolkit/requirements.lock b/charts/senlin/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/senlin/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/senlin/requirements.lock b/charts/senlin/requirements.lock
index d43449c..e346dde 100644
--- a/charts/senlin/requirements.lock
+++ b/charts/senlin/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:15:02.349435177Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/senlin/requirements.yaml b/charts/senlin/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/senlin/requirements.yaml
+++ b/charts/senlin/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55
diff --git a/charts/tempest/charts/helm-toolkit/requirements.lock b/charts/tempest/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..808bd94
--- /dev/null
+++ b/charts/tempest/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/tempest/requirements.lock b/charts/tempest/requirements.lock
index cc2292f..e346dde 100644
--- a/charts/tempest/requirements.lock
+++ b/charts/tempest/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
-  repository: file://../../openstack-helm-infra/helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
   version: 0.2.55
-digest: sha256:f25556fa4f0b285a96cbf853e72555c04e65772daf0ffa6b518321e5e249f5ca
-generated: "2023-11-22T20:15:05.422266295Z"
+digest: sha256:92b4001062b365cd9687eb926780c7f64e17e488262c1167339ade0fe600b368
+generated: '0001-01-01T00:00:00Z'
diff --git a/charts/tempest/requirements.yaml b/charts/tempest/requirements.yaml
index 4124d01..6ab539f 100644
--- a/charts/tempest/requirements.yaml
+++ b/charts/tempest/requirements.yaml
@@ -1,16 +1,4 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 dependencies:
-  - name: helm-toolkit
-    repository: file://../../openstack-helm-infra/helm-toolkit
-    version: ">= 0.1.0"
+- name: helm-toolkit
+  repository: https://tarballs.openstack.org/openstack-helm-infra
+  version: 0.2.55