From b65ac7e129df56556e14ad70e7bb1065fa0ab7de Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Thu, 13 Jul 2023 18:25:24 -0300
Subject: [PATCH] Restore ServiceAccount to openvswitch pod

This change includes back the the helm-toolkit snippet:
kubernetes_pod_rbac_serviceaccount to the openvswitch Daemonset
definition, since it is responsible for creating the POD's
ServiceAccount which contains imagePullSecrets that enable the POD to
retrieve images from private registries.

Originally openvswitch chart had two daemonset definitions: for the
db and for the server, but recently both were merged into a single
daemonset [1] and the template inclusion was dropped during this merge

[1] https://github.com/openstack/openstack-helm-infra/commit/73e2b3322d3cc8ca4ee8453dd612266589d734b1

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I8e8e165956db2714563733a78baf156ab20b696a
---
 openvswitch/Chart.yaml               | 2 +-
 openvswitch/templates/daemonset.yaml | 4 ++++
 releasenotes/notes/openvswitch.yaml  | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/openvswitch/Chart.yaml b/openvswitch/Chart.yaml
index b828e221bb..1a13925c53 100644
--- a/openvswitch/Chart.yaml
+++ b/openvswitch/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm OpenVSwitch
 name: openvswitch
-version: 0.1.15
+version: 0.1.16
 home: http://openvswitch.org
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
diff --git a/openvswitch/templates/daemonset.yaml b/openvswitch/templates/daemonset.yaml
index 244ffb8e54..798402386b 100644
--- a/openvswitch/templates/daemonset.yaml
+++ b/openvswitch/templates/daemonset.yaml
@@ -56,6 +56,9 @@ exec:
 
 {{- if .Values.manifests.daemonset }}
 {{- $envAll := . }}
+
+{{- $serviceAccountName := "openvswitch-server" }}
+{{ tuple $envAll "vswitchd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1
 kind: DaemonSet
@@ -80,6 +83,7 @@ spec:
 {{ dict "envAll" $envAll "podName" "openvswitch" "containerNames" (list "openvswitch-db" "openvswitch-db-perms" "openvswitch-vswitchd" "openvswitch-vswitchd-modules" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       shareProcessNamespace: true
+      serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "ovs" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       nodeSelector:
         {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
diff --git a/releasenotes/notes/openvswitch.yaml b/releasenotes/notes/openvswitch.yaml
index e6a67d3cd9..3bc8c2364a 100644
--- a/releasenotes/notes/openvswitch.yaml
+++ b/releasenotes/notes/openvswitch.yaml
@@ -16,4 +16,5 @@ openvswitch:
   - 0.1.13 Upgrade openvswitch image to latest-ubuntu_focal to fix qos issue
   - 0.1.14 Add buffer before accesses pid file
   - 0.1.15 Add buffer before accesses ovs controller pid socket
+  - 0.1.16 Restore ServiceAccount to openvswitch pod
 ...