[ATMOSPHERE-493] chart: bump ovn chart version and add liveness check for northd (#2010)

because required the upstream patch rebased and also new versions include some fixes, i updated ovn chart version first and added liveness check in the patch for introducing kube-ovn

Reviewed-by: Mohammed Naser <mnaser@vexxhost.com>
Reviewed-by: Oleksandr K.
diff --git a/.charts.yml b/.charts.yml
index 852f7ac..65475cb 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -172,14 +172,13 @@
     repository: *openstack_helm_infra_repository
     dependencies: *openstack_helm_dependencies
   - name: ovn
-    version: 0.1.4
+    version: 0.1.13
     repository: *openstack_helm_infra_repository
     dependencies: *openstack_helm_dependencies
     patches:
       gerrit:
         review.opendev.org:
           - 893739
-          - 914807
   - name: placement
     version: 0.3.9
     repository: *openstack_helm_repository
diff --git a/charts/ovn/Chart.yaml b/charts/ovn/Chart.yaml
index 8ac48b4..00f498b 100644
--- a/charts/ovn/Chart.yaml
+++ b/charts/ovn/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://github.com/ovn-org/ovn
 - https://opendev.org/openstack/openstack-helm
-version: 0.1.4
+version: 0.1.13
diff --git a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
index 77e1e68..b196021 100644
--- a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
+++ b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
@@ -18,7 +18,7 @@
 
 function get_ip_address_from_interface {
   local interface=$1
-  local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
+  local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
   if [ -z "${ip}" ] ; then
     exit 1
   fi
@@ -27,7 +27,7 @@
 
 function get_ip_prefix_from_interface {
   local interface=$1
-  local prefix=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $2}')
+  local prefix=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $2}')
   if [ -z "${prefix}" ] ; then
     exit 1
   fi
@@ -70,7 +70,7 @@
   elif [[ -z "${bridge_ip}" && -z "${ip}" ]]; then
     echo "Interface and bridge have no ips configured. Leaving as is."
   else
-    echo "Interface ${name} has invalid IP address. IP:[${ip}]; Prefix:[${prefix}]..."
+    echo "Interface ${src_nic} has invalid IP address. IP:[${ip}]; Prefix:[${prefix}]..."
     exit 1
   fi
 
@@ -145,12 +145,13 @@
 ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
 ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
 ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
+
 {{ if .Values.conf.ovn_bridge_datapath_type -}}
 ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
 {{- end }}
 
 # Configure hostname
-{{- if .Values.conf.use_fqdn.compute }}
+{{- if .Values.pod.use_fqdn.compute }}
   ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
 {{- else }}
   ovs-vsctl set open . external-ids:hostname="$(hostname)"
@@ -164,7 +165,7 @@
   bridge=${bmap%:*}
   iface=${bmap#*:}
   ovs-vsctl --may-exist add-br $bridge -- set bridge $bridge protocols=OpenFlow13
-  if [ -n "$iface" ] && [ "$iface" != "null" ]
+  if [ -n "$iface" ] && [ "$iface" != "null" ] && ( ip link show $iface 1>/dev/null 2>&1 );
   then
     ovs-vsctl --may-exist add-port $bridge $iface
     migrate_ip_from_nic $iface $bridge
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
index 3ecd81d..4acd11b 100644
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ b/charts/ovn/templates/daemonset-controller-gw.yaml
@@ -36,18 +36,15 @@
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
     configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
   labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-    type: gw
+{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 spec:
   selector:
     matchLabels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
-      type: gw
+{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-        type: gw
+{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
@@ -67,7 +64,7 @@
             - /tmp/ovn-controller-init.sh
           env:
             - name: OVN_CMS_OPTIONS
-              value: {{ .Values.conf.gw_ovn_cms_options | quote }}
+              value: {{ .Values.conf.ovn_cms_options_gw_enabled | quote }}
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index b6b0b04..d208b08 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -36,18 +36,15 @@
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
     configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
   labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-    type: hv
+{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 spec:
   selector:
     matchLabels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
-      type: hv
+{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-        type: hv
+{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
@@ -55,12 +52,15 @@
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       hostNetwork: true
+      hostPID: true
+      hostIPC: true
       dnsPolicy: {{ .Values.pod.dns_policy }}
       nodeSelector:
         {{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
       initContainers:
 {{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
         - name: controller-init
+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
@@ -85,12 +85,12 @@
               readOnly: true
       containers:
         - name: controller
-          command:
-            - /root/ovnkube.sh
-            - ovn-controller
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+          command:
+            - /root/ovnkube.sh
+            - ovn-controller
 {{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
           env:
             - name: OVN_DAEMONSET_VERSION
@@ -112,6 +112,10 @@
               mountPath: /var/run/ovn
             - name: run-openvswitch
               mountPath: /var/run/openvswitch
+            - name: logs
+              mountPath: /var/log/ovn
+            - name: run-ovn
+              mountPath: /run/ovn
       volumes:
         - name: ovn-bin
           configMap:
@@ -125,4 +129,12 @@
           secret:
             secretName: {{ $configMapName }}
             defaultMode: 0444
+        - name: logs
+          hostPath:
+            path: /var/log/ovn
+            type: DirectoryOrCreate
+        - name: run-ovn
+          hostPath:
+            path: /run/ovn
+            type: DirectoryOrCreate
 {{- end }}
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index ae31b35..f945bb2 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -62,6 +62,7 @@
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 {{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
           env:
             - name: OVN_DAEMONSET_VERSION
               value: "3"
diff --git a/charts/ovn/templates/statefulset-ovsdb-nb.yaml b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
index 4866074..98e70ad 100644
--- a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -73,6 +73,7 @@
 {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+
           ports:
             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -110,7 +111,9 @@
               mountPath: /etc/ovn
       volumes:
         - name: run-openvswitch
-          emptyDir: {}
+          hostPath:
+            path: /run/openvswitch
+            type: DirectoryOrCreate
 {{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
         - name: data
           emptyDir: {}
diff --git a/charts/ovn/templates/statefulset-ovsdb-sb.yaml b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
index 92af96d..694348b 100644
--- a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -110,7 +110,9 @@
               mountPath: /etc/ovn
       volumes:
         - name: run-openvswitch
-          emptyDir: {}
+          hostPath:
+            path: /run/openvswitch
+            type: DirectoryOrCreate
 {{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
         - name: data
           emptyDir: {}
diff --git a/charts/ovn/values.yaml b/charts/ovn/values.yaml
index 5c35a2f..b70e886 100644
--- a/charts/ovn/values.yaml
+++ b/charts/ovn/values.yaml
@@ -20,11 +20,11 @@
 
 images:
   tags:
-    ovn_ovsdb_nb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-    ovn_ovsdb_sb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-    ovn_northd: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-    ovn_controller: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+    ovn_ovsdb_nb: docker.io/openstackhelm/ovn:ubuntu_focal
+    ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal
+    ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal
+    ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal
+    dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
     image_repo_sync: docker.io/library/docker:17.07.0
     vector: docker.io/timberio/vector:0.39.0-debian
     ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
@@ -37,16 +37,16 @@
 
 labels:
   ovn_ovsdb_nb:
-    node_selector_key: openstack-compute-node
+    node_selector_key: openstack-network-node
     node_selector_value: enabled
   ovn_ovsdb_sb:
-    node_selector_key: openstack-compute-node
+    node_selector_key: openstack-network-node
     node_selector_value: enabled
   ovn_northd:
-    node_selector_key: openstack-compute-node
+    node_selector_key: openstack-network-node
     node_selector_value: enabled
   ovn_controller:
-    node_selector_key: openstack-compute-node
+    node_selector_key: openvswitch
     node_selector_value: enabled
   ovn_controller_gw:
     node_selector_key: openstack-control-plane
@@ -72,7 +72,7 @@
 
 conf:
   ovn_cms_options: "availability-zones=nova"
-  gw_ovn_cms_options: "enable-chassis-as-gw,availability-zones=nova"
+  ovn_cms_options_gw_enabled: "enable-chassis-as-gw,availability-zones=nova"
   ovn_encap_type: geneve
   ovn_bridge: br-int
   ovn_bridge_mappings: external:br-ex
@@ -84,10 +84,6 @@
   #   br-public: eth1
   auto_bridge_add: {}
 
-  # NOTE: should be same as nova.conf.use_fqdn.compute
-  use_fqdn:
-    compute: true
-
   ovn_network_logging_parser_uwsgi:
     uwsgi:
       add-header: "Connection: close"
@@ -107,6 +103,9 @@
       wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
 
 pod:
+  # NOTE: should be same as nova.pod.use_fqdn.compute
+  use_fqdn:
+    compute: true
   security_context:
     ovn_northd:
       container:
@@ -117,21 +116,19 @@
     ovn_controller:
       container:
         controller_init:
+          readOnlyRootFilesystem: true
           privileged: true
-          runAsUser: 0
         controller:
-          capabilities:
-            add:
-              - SYS_NICE
+          readOnlyRootFilesystem: true
+          privileged: true
     ovn_controller_gw:
       container:
         controller_init:
+          readOnlyRootFilesystem: true
           privileged: true
-          runAsUser: 0
         controller:
-          capabilities:
-            add:
-              - SYS_NICE
+          readOnlyRootFilesystem: true
+          privileged: true
         ovn_logging_parser:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
@@ -289,6 +286,7 @@
         limits:
           memory: "1024Mi"
           cpu: "2000m"
+
   sidecars:
     ovn_logging_parser: false
     vector: false
diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
index f8dc4c1..51a4bad 100644
--- a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
+++ b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
@@ -1,7 +1,7 @@
-diff --git b/ovn/templates/bin/_ovn-controller-init.sh.tpl a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
-index 1e61577d..77e1e687 100644
---- b/ovn/templates/bin/_ovn-controller-init.sh.tpl
-+++ a/ovn/templates/bin/_ovn-controller-init.sh.tpl
+diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+index 55cc2ecb..885204a0 100644
+--- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
++++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
 @@ -14,6 +14,8 @@
  # See the License for the specific language governing permissions and
  # limitations under the License.
@@ -10,7 +10,7 @@
 +
  function get_ip_address_from_interface {
    local interface=$1
-   local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
+   local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
 @@ -75,6 +77,19 @@ function migrate_ip_from_nic {
    set -e
  }
@@ -63,21 +63,22 @@
  
  # Configure OVN remote
  {{- if empty .Values.conf.ovn_remote -}}
-@@ -118,6 +145,9 @@ ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type
- ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
- ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
- ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
+@@ -125,6 +152,10 @@ else
+   ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
+ fi
+ 
 +{{ if .Values.conf.ovn_bridge_datapath_type -}}
 +ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
 +{{- end }}
- 
++
  # Configure hostname
- {{- if .Values.conf.use_fqdn.compute }}
-diff --git b/ovn/templates/clusterrole-controller.yaml a/charts/ovn/templates/clusterrole-controller.yaml
+ {{- if .Values.pod.use_fqdn.compute }}
+   ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
+diff --git a/ovn/templates/clusterrole-controller.yaml b/ovn/templates/clusterrole-controller.yaml
 new file mode 100644
 index 00000000..8291f65a
 --- /dev/null
-+++ a/ovn/templates/clusterrole-controller.yaml
++++ b/ovn/templates/clusterrole-controller.yaml
 @@ -0,0 +1,12 @@
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: ClusterRole
@@ -91,11 +92,11 @@
 +  verbs:
 +  - get
 +  - patch
-diff --git b/ovn/templates/clusterrolebinding-controller.yaml a/charts/ovn/templates/clusterrolebinding-controller.yaml
+diff --git a/ovn/templates/clusterrolebinding-controller.yaml b/ovn/templates/clusterrolebinding-controller.yaml
 new file mode 100644
 index 00000000..c95ef5e9
 --- /dev/null
-+++ a/ovn/templates/clusterrolebinding-controller.yaml
++++ b/ovn/templates/clusterrolebinding-controller.yaml
 @@ -0,0 +1,15 @@
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: ClusterRoleBinding
@@ -112,10 +113,10 @@
 +- kind: ServiceAccount
 +  name: ovn-controller-gw
 +  namespace: {{ .Release.Namespace }}
-diff --git b/ovn/templates/configmap-bin.yaml a/charts/ovn/templates/configmap-bin.yaml
+diff --git a/ovn/templates/configmap-bin.yaml b/ovn/templates/configmap-bin.yaml
 index a849dd8a..82001f99 100644
---- b/ovn/templates/configmap-bin.yaml
-+++ a/ovn/templates/configmap-bin.yaml
+--- a/ovn/templates/configmap-bin.yaml
++++ b/ovn/templates/configmap-bin.yaml
 @@ -24,12 +24,6 @@ data:
    image-repo-sync.sh: |
  {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
@@ -129,10 +130,10 @@
 -  ovn-controller.sh: |
 -{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  {{- end }}
-diff --git b/ovn/templates/daemonset-controller-gw.yaml a/charts/ovn/templates/daemonset-controller-gw.yaml
-index 6307bbab..eb309c5e 100644
---- b/ovn/templates/daemonset-controller-gw.yaml
-+++ a/ovn/templates/daemonset-controller-gw.yaml
+diff --git a/ovn/templates/daemonset-controller-gw.yaml b/ovn/templates/daemonset-controller-gw.yaml
+index 8255f6a4..a0da8b0b 100644
+--- a/ovn/templates/daemonset-controller-gw.yaml
++++ b/ovn/templates/daemonset-controller-gw.yaml
 @@ -12,6 +12,15 @@ See the License for the specific language governing permissions and
  limitations under the License.
  */}}
@@ -149,10 +150,10 @@
  {{- if .Values.manifests.daemonset_ovn_controller_gw }}
  {{- $envAll := . }}
  
-@@ -59,6 +68,10 @@ spec:
+@@ -56,6 +65,10 @@ spec:
            env:
              - name: OVN_CMS_OPTIONS
-               value: {{ .Values.conf.gw_ovn_cms_options | quote }}
+               value: {{ .Values.conf.ovn_cms_options_gw_enabled | quote }}
 +            - name: NODE_NAME
 +              valueFrom:
 +                fieldRef:
@@ -160,7 +161,7 @@
            volumeMounts:
              - name: ovn-bin
                mountPath: /tmp/ovn-controller-init.sh
-@@ -72,25 +85,33 @@ spec:
+@@ -69,25 +83,33 @@ spec:
                readOnly: true
        containers:
          - name: controller
@@ -208,10 +209,10 @@
        volumes:
          - name: ovn-bin
            configMap:
-diff --git b/ovn/templates/daemonset-controller.yaml a/charts/ovn/templates/daemonset-controller.yaml
-index 85daf70b..b6b0b048 100644
---- b/ovn/templates/daemonset-controller.yaml
-+++ a/ovn/templates/daemonset-controller.yaml
+diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
+index 4cd5d9b2..fae94512 100644
+--- a/ovn/templates/daemonset-controller.yaml
++++ b/ovn/templates/daemonset-controller.yaml
 @@ -12,6 +12,15 @@ See the License for the specific language governing permissions and
  limitations under the License.
  */}}
@@ -239,17 +240,10 @@
            volumeMounts:
              - name: ovn-bin
                mountPath: /tmp/ovn-controller-init.sh
-@@ -72,25 +85,33 @@ spec:
-               readOnly: true
-       containers:
-         - name: controller
-+          command:
-+            - /root/ovnkube.sh
-+            - ovn-controller
- {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+@@ -76,21 +89,29 @@ spec:
  {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
  {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
--          command:
+           command:
 -            - /tmp/ovn-controller.sh
 -            - start
 -          lifecycle:
@@ -258,6 +252,8 @@
 -                command:
 -                  - /tmp/ovn-controller.sh
 -                  - stop
++            - /root/ovnkube.sh
++            - ovn-controller
 +{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
 +          env:
 +            - name: OVN_DAEMONSET_VERSION
@@ -284,13 +280,13 @@
 +              mountPath: /var/run/ovn
 +            - name: run-openvswitch
 +              mountPath: /var/run/openvswitch
-       volumes:
-         - name: ovn-bin
-           configMap:
-diff --git b/ovn/templates/deployment-northd.yaml a/charts/ovn/templates/deployment-northd.yaml
+             - name: logs
+               mountPath: /var/log/ovn
+             - name: run-ovn
+diff --git a/ovn/templates/deployment-northd.yaml b/ovn/templates/deployment-northd.yaml
 index e3afdd05..ae31b357 100644
---- b/ovn/templates/deployment-northd.yaml
-+++ a/ovn/templates/deployment-northd.yaml
+--- a/ovn/templates/deployment-northd.yaml
++++ b/ovn/templates/deployment-northd.yaml
 @@ -12,18 +12,13 @@ See the License for the specific language governing permissions and
  limitations under the License.
  */}}
@@ -315,7 +311,7 @@
  {{- end }}
  
  {{- if .Values.manifests.deployment_northd }}
-@@ -60,28 +55,26 @@ spec:
+@@ -60,28 +55,27 @@ spec:
  {{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        containers:
          - name: northd
@@ -347,6 +343,7 @@
 -            name: ovn-bin
 -            defaultMode: 0555
 +{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
++{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
 +          env:
 +            - name: OVN_DAEMONSET_VERSION
 +              value: "3"
@@ -363,11 +360,11 @@
 +            - name: OVN_SSL_ENABLE
 +              value: "no"
  {{- end }}
-diff --git b/ovn/templates/role-controller.yaml a/charts/ovn/templates/role-controller.yaml
+diff --git a/ovn/templates/role-controller.yaml b/ovn/templates/role-controller.yaml
 new file mode 100644
 index 00000000..de3cfa6d
 --- /dev/null
-+++ a/ovn/templates/role-controller.yaml
++++ b/ovn/templates/role-controller.yaml
 @@ -0,0 +1,11 @@
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: Role
@@ -380,11 +377,11 @@
 +  - endpointslices
 +  verbs:
 +  - list
-diff --git b/ovn/templates/role-northd.yaml a/charts/ovn/templates/role-northd.yaml
+diff --git a/ovn/templates/role-northd.yaml b/ovn/templates/role-northd.yaml
 new file mode 100644
 index 00000000..ca02fae6
 --- /dev/null
-+++ a/ovn/templates/role-northd.yaml
++++ b/ovn/templates/role-northd.yaml
 @@ -0,0 +1,11 @@
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: Role
@@ -397,11 +394,11 @@
 +  - endpointslices
 +  verbs:
 +  - list
-diff --git b/ovn/templates/role-ovsdb.yaml a/charts/ovn/templates/role-ovsdb.yaml
+diff --git a/ovn/templates/role-ovsdb.yaml b/ovn/templates/role-ovsdb.yaml
 new file mode 100644
 index 00000000..10e0e239
 --- /dev/null
-+++ a/ovn/templates/role-ovsdb.yaml
++++ b/ovn/templates/role-ovsdb.yaml
 @@ -0,0 +1,19 @@
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: Role
@@ -422,11 +419,11 @@
 +  verbs:
 +  - list
 +  - get
-diff --git b/ovn/templates/rolebinding-controller.yaml a/charts/ovn/templates/rolebinding-controller.yaml
+diff --git a/ovn/templates/rolebinding-controller.yaml b/ovn/templates/rolebinding-controller.yaml
 new file mode 100644
 index 00000000..7973c7e2
 --- /dev/null
-+++ a/ovn/templates/rolebinding-controller.yaml
++++ b/ovn/templates/rolebinding-controller.yaml
 @@ -0,0 +1,13 @@
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: RoleBinding
@@ -441,11 +438,11 @@
 +  name: ovn-controller
 +- kind: ServiceAccount
 +  name: ovn-controller-gw
-diff --git b/ovn/templates/rolebinding-northd.yaml a/charts/ovn/templates/rolebinding-northd.yaml
+diff --git a/ovn/templates/rolebinding-northd.yaml b/ovn/templates/rolebinding-northd.yaml
 new file mode 100644
 index 00000000..428a4707
 --- /dev/null
-+++ a/ovn/templates/rolebinding-northd.yaml
++++ b/ovn/templates/rolebinding-northd.yaml
 @@ -0,0 +1,11 @@
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: RoleBinding
@@ -458,11 +455,11 @@
 +subjects:
 +- kind: ServiceAccount
 +  name: ovn-northd
-diff --git b/ovn/templates/rolebinding-ovsdb.yaml a/charts/ovn/templates/rolebinding-ovsdb.yaml
+diff --git a/ovn/templates/rolebinding-ovsdb.yaml b/ovn/templates/rolebinding-ovsdb.yaml
 new file mode 100644
 index 00000000..f32382bc
 --- /dev/null
-+++ a/ovn/templates/rolebinding-ovsdb.yaml
++++ b/ovn/templates/rolebinding-ovsdb.yaml
 @@ -0,0 +1,13 @@
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: RoleBinding
@@ -477,10 +474,10 @@
 +  name: ovn-ovsdb-nb
 +- kind: ServiceAccount
 +  name: ovn-ovsdb-sb
-diff --git b/ovn/templates/service-ovsdb-nb.yaml a/charts/ovn/templates/service-ovsdb-nb.yaml
+diff --git a/ovn/templates/service-ovsdb-nb.yaml b/ovn/templates/service-ovsdb-nb.yaml
 index b93da9b8..56f7cd09 100644
---- b/ovn/templates/service-ovsdb-nb.yaml
-+++ a/ovn/templates/service-ovsdb-nb.yaml
+--- a/ovn/templates/service-ovsdb-nb.yaml
++++ b/ovn/templates/service-ovsdb-nb.yaml
 @@ -20,6 +20,7 @@ kind: Service
  metadata:
    name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
@@ -489,10 +486,10 @@
    ports:
      - name: ovsdb
        port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-diff --git b/ovn/templates/service-ovsdb-sb.yaml a/charts/ovn/templates/service-ovsdb-sb.yaml
+diff --git a/ovn/templates/service-ovsdb-sb.yaml b/ovn/templates/service-ovsdb-sb.yaml
 index 70f62c6e..4a6b5864 100644
---- b/ovn/templates/service-ovsdb-sb.yaml
-+++ a/ovn/templates/service-ovsdb-sb.yaml
+--- a/ovn/templates/service-ovsdb-sb.yaml
++++ b/ovn/templates/service-ovsdb-sb.yaml
 @@ -20,6 +20,7 @@ kind: Service
  metadata:
    name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
@@ -501,10 +498,10 @@
    ports:
      - name: ovsdb
        port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-diff --git b/ovn/templates/statefulset-ovsdb-nb.yaml a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
-index c8198279..4866074e 100644
---- b/ovn/templates/statefulset-ovsdb-nb.yaml
-+++ a/ovn/templates/statefulset-ovsdb-nb.yaml
+diff --git a/ovn/templates/statefulset-ovsdb-nb.yaml b/ovn/templates/statefulset-ovsdb-nb.yaml
+index 04958165..98e70ada 100644
+--- a/ovn/templates/statefulset-ovsdb-nb.yaml
++++ b/ovn/templates/statefulset-ovsdb-nb.yaml
 @@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
  limitations under the License.
  */}}
@@ -533,7 +530,7 @@
    replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
    selector:
      matchLabels:
-@@ -49,41 +63,54 @@ spec:
+@@ -49,43 +63,57 @@ spec:
  {{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        containers:
          - name: ovsdb
@@ -547,6 +544,7 @@
  {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
  {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 +{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
++
            ports:
              - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
              - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -602,7 +600,9 @@
 +              mountPath: /etc/ovn
        volumes:
          - name: run-openvswitch
-           emptyDir: {}
+           hostPath:
+             path: /run/openvswitch
+             type: DirectoryOrCreate
 -        - name: ovn-bin
 -          configMap:
 -            name: ovn-bin
@@ -610,10 +610,10 @@
  {{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
          - name: data
            emptyDir: {}
-diff --git b/ovn/templates/statefulset-ovsdb-sb.yaml a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
-index 916ef94d..92af96de 100644
---- b/ovn/templates/statefulset-ovsdb-sb.yaml
-+++ a/ovn/templates/statefulset-ovsdb-sb.yaml
+diff --git a/ovn/templates/statefulset-ovsdb-sb.yaml b/ovn/templates/statefulset-ovsdb-sb.yaml
+index 9e7b6670..694348b2 100644
+--- a/ovn/templates/statefulset-ovsdb-sb.yaml
++++ b/ovn/templates/statefulset-ovsdb-sb.yaml
 @@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
  limitations under the License.
  */}}
@@ -642,7 +642,7 @@
    replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
    selector:
      matchLabels:
-@@ -49,41 +63,54 @@ spec:
+@@ -49,43 +63,56 @@ spec:
  {{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        containers:
          - name: ovsdb
@@ -711,7 +711,9 @@
 +              mountPath: /etc/ovn
        volumes:
          - name: run-openvswitch
-           emptyDir: {}
+           hostPath:
+             path: /run/openvswitch
+             type: DirectoryOrCreate
 -        - name: ovn-bin
 -          configMap:
 -            name: ovn-bin
@@ -719,7 +721,7 @@
  {{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
          - name: data
            emptyDir: {}
-@@ -93,10 +120,10 @@ spec:
+@@ -95,10 +122,10 @@ spec:
          name: data
        spec:
          accessModes: ["ReadWriteOnce"]
@@ -731,11 +733,11 @@
  {{- end }}
  
  {{- end }}
-diff --git b/ovn/values.yaml a/charts/ovn/values.yaml
-index 518dd71e..214dd16f 100644
---- b/ovn/values.yaml
-+++ a/ovn/values.yaml
-@@ -52,12 +52,10 @@ labels:
+diff --git a/ovn/values.yaml b/ovn/values.yaml
+index a18184ab..b07a0f5a 100644
+--- a/ovn/values.yaml
++++ b/ovn/values.yaml
+@@ -51,12 +51,10 @@ labels:
  
  volume:
    ovn_ovsdb_nb:
@@ -757,7 +759,7 @@
  
    # auto_bridge_add:
    #   br-private: eth0
-@@ -138,13 +138,41 @@ pod:
+@@ -135,13 +135,41 @@ pod:
          readiness:
            enabled: true
            params:
@@ -804,7 +806,7 @@
    dns_policy: "ClusterFirstWithHostNet"
    replicas:
      ovn_ovsdb_nb: 1
-@@ -179,18 +207,18 @@ pod:
+@@ -176,18 +204,18 @@ pod:
      ovs:
        ovn_ovsdb_nb:
          requests:
diff --git a/charts/patches/ovn/0002-add-logging-parser.patch b/charts/patches/ovn/0002-add-logging-parser.patch
index f964369..9133d00 100644
--- a/charts/patches/ovn/0002-add-logging-parser.patch
+++ b/charts/patches/ovn/0002-add-logging-parser.patch
@@ -211,21 +211,20 @@
 +    tenant_id = "{{`{{ project_id }}`}}"
 +{{- end }}
 diff --git a/ovn/values.yaml b/ovn/values.yaml
-index 214dd16f..d0f2406b 100644
---- a/ovn/values.yaml
-+++ b/ovn/values.yaml
-@@ -26,6 +26,8 @@ images:
-     ovn_controller: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+index b07a0f5a..79fde2c2 100644
+--- a/ovn//values.yaml
++++ b/ovn//values.yaml
+@@ -26,5 +26,7 @@ images:
+     dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
      image_repo_sync: docker.io/library/docker:17.07.0
 +    vector: docker.io/timberio/vector:0.39.0-debian
 +    ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    pull_policy: "IfNotPresent"
    local_registry:
      active: false
-@@ -86,6 +88,24 @@ conf:
-   use_fqdn:
-     compute: true
+@@ -82,6 +84,24 @@ conf:
+   #   br-public: eth1
+   auto_bridge_add: {}
  
 +  ovn_network_logging_parser_uwsgi:
 +    uwsgi:
@@ -246,12 +245,12 @@
 +      wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
 +
  pod:
-   security_context:
-     ovn_northd:
-@@ -112,6 +132,12 @@ pod:
-           capabilities:
-             add:
-               - SYS_NICE
+   # NOTE: should be same as nova.pod.use_fqdn.compute
+   use_fqdn:
+@@ -109,6 +129,12 @@ pod:
+         controller:
+           readOnlyRootFilesystem: true
+           privileged: true
 +        ovn_logging_parser:
 +          allowPrivilegeEscalation: false
 +          readOnlyRootFilesystem: true
@@ -261,7 +260,7 @@
    tolerations:
      ovn_ovsdb_nb:
        enabled: false
-@@ -240,6 +266,21 @@ pod:
+@@ -237,6 +263,21 @@ pod:
          limits:
            memory: "1024Mi"
            cpu: "2000m"
@@ -283,17 +282,19 @@
      jobs:
        image_repo_sync:
          requests:
-@@ -248,6 +289,9 @@ pod:
+@@ -245,7 +286,11 @@ pod:
          limits:
            memory: "1024Mi"
            cpu: "2000m"
+ 
 +  sidecars:
 +    ovn_logging_parser: false
 +    vector: false
- 
++
  secrets:
    oci_image_registry:
-@@ -311,6 +355,22 @@ endpoints:
+     ovn: ovn-oci-image-registry-key
+@@ -304,6 +349,22 @@ endpoints:
          default: 6642
        raft:
          default: 6644
@@ -316,80 +317,3 @@
  
  network_policy:
    ovn_ovsdb_nb:
-diff --git a/images/neutron/Dockerfile b/images/neutron/Dockerfile
-index 7032319b..992091b6 100644
---- a/images/neutron/Dockerfile
-+++ b/images/neutron/Dockerfile
-@@ -13,12 +13,16 @@ RUN git -C /src/neutron-vpnaas fetch --unshallow
- ARG POLICY_SERVER_GIT_REF=4a86b140d5510823a8fb8a59137feddf5b111b26
- ADD --keep-git-dir=true https://github.com/vexxhost/neutron-policy-server.git#${POLICY_SERVER_GIT_REF} /src/neutron-policy-server
- RUN git -C /src/neutron-policy-server fetch --unshallow
-+ARG LOG_PASER_GIT_REF=3bc113d9fc0eb3264feca5900e550f6ed15503c2
-+ADD --keep-git-dir=true https://github.com/vexxhost/neutron-ovn-network-logging-parser.git#${LOG_PASER_GIT_REF} /src/neutron-ovn-network-logging-parser
-+RUN git -C /src/neutron-ovn-network-logging-parser fetch --unshallow
- RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
- pip3 install \
-     --constraint /upper-constraints.txt \
-         /src/neutron \
-         /src/neutron-vpnaas \
--        /src/neutron-policy-server
-+        /src/neutron-policy-server \
-+        /src/neutron-ovn-network-logging-parser
- EOF
- 
- FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE}
-diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
-index ff60d44a..2904e8de 100644
---- a/roles/defaults/vars/main.yml
-+++ b/roles/defaults/vars/main.yml
-@@ -173,6 +173,7 @@ _atmosphere_images:
-   openvswitch_db_server: "registry.atmosphere.dev/library/openvswitch:{{ atmosphere_release }}"
-   openvswitch_vswitchd: "registry.atmosphere.dev/library/openvswitch:{{ atmosphere_release }}"
-   ovn_controller: "registry.atmosphere.dev/library/ovn-host:{{ atmosphere_release }}"
-+  ovn_logging_parser: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
-   ovn_northd: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
-   ovn_ovsdb_nb: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
-   ovn_ovsdb_sb: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
-diff --git a/roles/neutron/vars/main.yml b/roles/neutron/vars/main.yml
-index fc587502..5c814499 100644
---- a/roles/neutron/vars/main.yml
-+++ b/roles/neutron/vars/main.yml
-@@ -70,6 +70,8 @@ __neutron_helm_values:
-         metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
-     plugins:
-       ml2_conf:
-+        agent:
-+          extensions: "log"
-         ml2:
-           extension_drivers: dns_domain_ports,port_security,qos
-           type_drivers: flat,gre,vlan,vxlan
-@@ -85,7 +87,7 @@ __neutron_ovn_helm_values:
-   conf:
-     neutron:
-       DEFAULT:
--        service_plugins: qos,ovn-router,segments,trunk
-+        service_plugins: qos,ovn-router,segments,trunk,log
-       ovn:
-         ovn_emit_need_to_frag: true
-     ovn_metadata_agent:
-diff --git a/roles/ovn/defaults/main.yml b/roles/ovn/defaults/main.yml
-index b9045986..a6ebdb96 100644
---- a/roles/ovn/defaults/main.yml
-+++ b/roles/ovn/defaults/main.yml
-@@ -18,3 +18,5 @@ ovn_helm_chart_ref: /usr/local/src/ovn
- 
- ovn_helm_release_namespace: openstack
- ovn_helm_values: {}
-+
-+ovn_network_logging_parser_enabled: true
-diff --git a/roles/ovn/vars/main.yml b/roles/ovn/vars/main.yml
-index 59d9c209..603b4edf 100644
---- a/roles/ovn/vars/main.yml
-+++ b/roles/ovn/vars/main.yml
-@@ -35,3 +35,6 @@ _ovn_helm_values:
-       ovn_ovsdb_nb: 3
-       ovn_ovsdb_sb: 3
-       ovn_northd: 3
-+    sidecars:
-+      ovn_logging_parser: "{{ ovn_network_logging_parser_enabled }}"
-+      vector: "{{ ovn_network_logging_parser_enabled }}"
diff --git a/charts/patches/ovn/0003-oci-image-registry-secret.patch b/charts/patches/ovn/0003-oci-image-registry-secret.patch
deleted file mode 100644
index 904f3ab..0000000
--- a/charts/patches/ovn/0003-oci-image-registry-secret.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/ovn/values.yaml b/ovn/values.yaml
-index 4171db47..2df5c38c 100644
---- a/ovn/values.yaml
-+++ b/ovn/values.yaml
-@@ -295,11 +295,7 @@ pod:
-
- secrets:
-   oci_image_registry:
--    ovn_ovsdb_nb: ovn-ovsdb-nb-oci-image-registry-key
--    ovn_ovsdb_sb: ovn-ovsdb-sb-oci-image-registry-key
--    ovn_northd: ovn-northd-oci-image-registry-key
--    ovn_controller: ovn-controller-oci-image-registry-key
--    ovn_controller_gw: ovn-controller-gw-oci-image-registry-key
-+    ovn: ovn-oci-image-registry-key
diff --git a/roles/ovn/vars/main.yml b/roles/ovn/vars/main.yml
index 603b4ed..f03bd3b 100644
--- a/roles/ovn/vars/main.yml
+++ b/roles/ovn/vars/main.yml
@@ -25,12 +25,21 @@
     ovn_northd:
       node_selector_key: openstack-control-plane
       node_selector_value: enabled
+    ovn_controller:
+      node_selector_key: openstack-compute-node
+      node_selector_value: enabled
   volume:
     ovn_ovsdb_nb:
       size: 20Gi
     ovn_ovsdb_sb:
       size: 20Gi
   pod:
+    labels:
+      ovn_controller_gw:
+        type: gw
+      ovn_controller:
+        type: hv
+
     replicas:
       ovn_ovsdb_nb: 3
       ovn_ovsdb_sb: 3