Use host network for ovn controller pods

Change-Id: I9f852ff54cfc42536387fa51a73f019b56070345
2023-12-19 15:38:07 -06:00 · 2023-12-19 15:38:07 -06:00 · 4d5919b070
commit 4d5919b070
parent 1a112e9fba
5 changed files with 27 additions and 8 deletions
--- a/ovn/Chart.yaml
+++ b/ovn/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v23.3.0
 description: OpenStack-Helm OVN
 name: ovn
-version: 0.1.6
+version: 0.1.7
 home: https://www.ovn.org
 icon: https://www.ovn.org/images/ovn-logo.png
 sources:
--- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
+++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
@ -68,7 +68,7 @@ ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridg
 ovs-vsctl set open . external-ids:ovn-cms-options="{{ .Values.conf.ovn_cms_options }}"

 # Configure hostname
-{{- if .Values.conf.use_fqdn.compute }}
+{{- if .Values.pod.use_fqdn.compute }}
  ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
 {{- else }}
  ovs-vsctl set open . external-ids:hostname="$(hostname)"
--- a/ovn/templates/daemonset-controller.yaml
+++ b/ovn/templates/daemonset-controller.yaml
@ -42,11 +42,16 @@ spec:
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
+      hostNetwork: true
+      hostPID: true
+      hostIPC: true
+      dnsPolicy: ClusterFirstWithHostNet
      nodeSelector:
        {{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
      initContainers:
 {{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: controller-init
+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
          command:
            - /tmp/ovn-controller-init.sh
@ -82,6 +87,10 @@ spec:
              readOnly: true
            - name: run-openvswitch
              mountPath: /run/openvswitch
+            - name: logs
+              mountPath: /var/log/ovn
+            - name: run-ovn
+              mountPath: /run/ovn
      volumes:
        - name: ovn-bin
          configMap:
@ -95,4 +104,12 @@ spec:
          secret:
            secretName: {{ $configMapName }}
            defaultMode: 0444
+        - name: logs
+          hostPath:
+            path: /var/log/ovn
+            type: DirectoryOrCreate
+        - name: run-ovn
+          hostPath:
+            path: /run/ovn
+            type: DirectoryOrCreate
 {{- end }}
--- a/ovn/values.yaml
+++ b/ovn/values.yaml
@ -76,11 +76,10 @@ conf:
  #   br-public: eth1
  auto_bridge_add: {}

-  # NOTE: should be same as nova.conf.use_fqdn.compute
+pod:
+  # NOTE: should be same as nova.pod.use_fqdn.compute
  use_fqdn:
    compute: true
-
-pod:
  security_context:
    ovn_northd:
      container:
@ -90,10 +89,12 @@ pod:
              - SYS_NICE
    ovn_controller:
      container:
+        controller_init:
+          readOnlyRootFilesystem: true
+          privileged: true
        controller:
-          capabilities:
-            add:
-              - SYS_NICE
+          readOnlyRootFilesystem: true
+          privileged: true
  tolerations:
    ovn_ovsdb_nb:
      enabled: false
--- a/releasenotes/notes/ovn.yaml
+++ b/releasenotes/notes/ovn.yaml
@ -7,4 +7,5 @@ ovn:
  - 0.1.4 Add support for OVN HA + refactor
  - 0.1.5 Add ubuntu_focal and ubuntu_jammy overrides
  - 0.1.6 Fix ovsdb port number
+  - 0.1.7 Use host network for ovn controller pods
 ...