Merge pull request #341 from karelyatin/OSPRH-637

[ovsdb-server] Move db initialization to an init container

pkg/ovncontroller/daemonset.go

@@ -169,6 +169,24 @@ func CreateOVSDaemonSet(
 	envVars := map[string]env.Setter{}
 	envVars["CONFIG_HASH"] = env.SetValue(configHash)
 
+	initContainers := []corev1.Container{
+		{
+			Name:    "ovsdb-server-init",
+			Command: []string{"/usr/local/bin/container-scripts/init-ovsdb-server.sh"},
+			Image:   instance.Spec.OvsContainerImage,
+			SecurityContext: &corev1.SecurityContext{
+				Capabilities: &corev1.Capabilities{
+					Add:  []corev1.Capability{"NET_ADMIN", "SYS_ADMIN", "SYS_NICE"},
+					Drop: []corev1.Capability{},
+				},
+				RunAsUser:  &runAsUser,
+				Privileged: &privileged,
+			},
+			Env:          env.MergeEnvs([]corev1.EnvVar{}, envVars),
+			VolumeMounts: GetOVSDbVolumeMounts(),
+		},
+	}
+
 	containers := []corev1.Container{
 		{
 			Name:    "ovsdb-server",
@@ -240,6 +258,7 @@ func CreateOVSDaemonSet(
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: instance.RbacResourceName(),
+					InitContainers:     initContainers,
 					Containers:         containers,
 					Volumes:            GetOVSVolumes(instance.Name, instance.Namespace),
 				},

templates/ovncontroller/bin/init-ovsdb-server.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Copyright 2023 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -ex
+
+# Initialize or upgrade database if needed
+CTL_ARGS="--system-id=random --no-ovs-vswitchd"
+/usr/share/openvswitch/scripts/ovs-ctl start $CTL_ARGS
+/usr/share/openvswitch/scripts/ovs-ctl stop $CTL_ARGS

templates/ovncontroller/bin/start-ovsdb-server.sh

@@ -20,11 +20,6 @@ source $(dirname $0)/functions
 # Remove the obsolete semaphore file in case it still exists.
 cleanup_ovsdb_server_semaphore
 
-# Initialize or upgrade database if needed
-CTL_ARGS="--system-id=random --no-ovs-vswitchd"
-/usr/share/openvswitch/scripts/ovs-ctl start $CTL_ARGS
-/usr/share/openvswitch/scripts/ovs-ctl stop $CTL_ARGS
-
 # Start the service
 ovsdb-server /etc/openvswitch/conf.db \
     --pidfile \

tests/functional/ovncontroller_controller_test.go

@@ -884,6 +884,36 @@ var _ = Describe("OVNController controller", func() {
 			)
 		})
 
+		It("OVS Daemonset is created with 3 containers including an init container", func() {
+			DeferCleanup(k8sClient.Delete, ctx, th.CreateCABundleSecret(types.NamespacedName{
+				Name:      CABundleSecretName,
+				Namespace: namespace,
+			}))
+			DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(types.NamespacedName{
+				Name:      OvnDbCertSecretName,
+				Namespace: namespace,
+			}))
+
+			daemonSetName := types.NamespacedName{
+				Namespace: namespace,
+				Name:      "ovn-controller",
+			}
+
+			SimulateDaemonsetNumberReady(daemonSetName)
+
+			daemonSetNameOVS := types.NamespacedName{
+				Namespace: namespace,
+				Name:      "ovn-controller-ovs",
+			}
+
+			SimulateDaemonsetNumberReady(daemonSetNameOVS)
+
+			ds := GetDaemonSet(daemonSetNameOVS)
+
+			Expect(ds.Spec.Template.Spec.InitContainers).To(HaveLen(1))
+			Expect(ds.Spec.Template.Spec.Containers).To(HaveLen(2))
+		})
+
 		It("creates a Daemonset with TLS certs attached", func() {
 			DeferCleanup(k8sClient.Delete, ctx, th.CreateCABundleSecret(types.NamespacedName{
 				Name:      CABundleSecretName,