Run ovn controller with non root openvswitch user

We recently updated the openvswitch chart to run ovs db server as non root. See: https://review.opendev.org/c/openstack/openstack-helm-infra/+/939580 Also ovn-kubernetes script ovnkube.sh that we are using for lifecycle management of OVN components tries to update the ownership of OVS run and config directories before start. So we have to pass the correct username to the script so it does not break the OVS files permissions. Change-Id: Ie00dd2657c616645ec237c0880bbc552b3805236
2025-01-29 04:31:05 -06:00 · 2025-01-29 04:31:05 -06:00 · f5531f3bcb
commit f5531f3bcb
parent 41199aee82
2 changed files with 3 additions and 0 deletions
--- a/ovn/templates/daemonset-controller.yaml
+++ b/ovn/templates/daemonset-controller.yaml
@ -110,6 +110,8 @@ spec:
            - ovn-controller
 {{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          env:
+            - name: OVS_USER_ID
+              value: {{ .Values.conf.ovs_user_name }}
            - name: OVN_DAEMONSET_VERSION
              value: "3"
            - name: OVN_LOGLEVEL_CONTROLLER
--- a/ovn/values.yaml
+++ b/ovn/values.yaml
@ -82,6 +82,7 @@ conf:
  #   br-private: eth0
  #   br-public: eth1
  auto_bridge_add: {}
+  ovs_user_name: openvswitch

 pod:
  # NOTE: should be same as nova.pod.use_fqdn.compute