[ovn-controller] Change startup mechanism of ovs pods

This commit aims to modify the starting scripts of the
ovn-controller-ovs daemonset.

This is done to allow modifying the RollingUpdate Strategy
to not allow any Unavailable pod during update, what this will
cause is that during an update to the pod (delete old one and create
new one) instead of first deleting the first one and then deleting the
next one, it will create the new pod while the old one is running. Due
to how the startup scritps works currently this is not allowed.

The reason behind this is to try to lower the downtime observed if the
environment is using centralized floating ip during an update.

With this commit the ovn-controller-ovs will share the PID namespace
with the host, in order to allow signaling between old/new pod.

Another change is adding an STATE that the containers (ovsdb-server,
ovs-vswitchd and ovsdb-server-init) will handle internally.

The differents states are:
 - NULL (No file): will happen the fist time ds is created on the oc
   worker.
 - INIT: First time init-ovsdb-server is executed on the oc worker.
 - OVSDB_SERVER: once ovsdb-server pod has run the startup script
 - RUNNING: Once ovsdb-server is up  and ovs-vswitchd has run the
   startup script.
 - UPDATE: Once a new pod is created and ovsdb-server-init has run.
 - RESTART_VSWITCH: After ovsdb-server-init has finished, new
   ovsdb-server pod has stopped the old ovs-vswitchd process.
 - RESTART_DBSERVER: After old ovs-vswitchd has been restarted the
   old ovsdb-server is also stop.

The normal flow of states is the following:

NULL -> INIT -> OVSDB_SERVER -> RUNNING

Scale down: If the oc worker is deleted the DS and all the pods and mount points
will be deleted, in case of node being up again it should start from
NULL

Update: RUNNING -> (Change on CR) -> UPDATE -> RESTART_VSWITCHD ->
RESTART_DBSERVER -> OVSDB_SERVER -> RUNNING

Related: OSPRH-11636
Jira: OSPRH-10821

Author: averdagu

api/go.mod

@@ -8,8 +8,8 @@ require (
 	github.com/onsi/gomega v1.34.1
 	github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250301104950-9a202ca63f62
 	github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97
-	k8s.io/api v0.29.14
-	k8s.io/apimachinery v0.29.14
+	k8s.io/api v0.29.15
+	k8s.io/apimachinery v0.29.15
 	sigs.k8s.io/controller-runtime v0.17.6
 )
 
@@ -57,9 +57,9 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.29.14 // indirect
-	k8s.io/client-go v0.29.14 // indirect
-	k8s.io/component-base v0.29.14 // indirect
+	k8s.io/apiextensions-apiserver v0.29.15 // indirect
+	k8s.io/client-go v0.29.15 // indirect
+	k8s.io/component-base v0.29.15 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
@@ -69,3 +69,5 @@ require (
 )
 
 replace github.com/openshift/api => github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094 //allow-merging
+
+replace github.com/openstack-k8s-operators/lib-common/modules/common => github.com/averdagu/lib-common/modules/common v0.0.0-20250318112303-0e4fcdf116e1 //allow-merging

api/go.sum

@@ -1,3 +1,5 @@
+github.com/averdagu/lib-common/modules/common v0.0.0-20250318112303-0e4fcdf116e1 h1:UG6y5DfMsbbWDm6/ZJWWGRXrxAeNoskn4N0XVlhi8Gw=
+github.com/averdagu/lib-common/modules/common v0.0.0-20250318112303-0e4fcdf116e1/go.mod h1:1CtBP0MQffdjE6buOv5jP2rB3+h7WH0a11lcyrpmxOk=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
@@ -80,8 +82,6 @@ github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094 h1:J1wuGhVxpsHykZBa6
 github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
 github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250301104950-9a202ca63f62 h1:0NgCmg03wFjZEltZyHLWalTsUxOg1b7WFNlOZ4APPek=
 github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250301104950-9a202ca63f62/go.mod h1:JgcmYJyyMKfArK8ulZnbls0L01qt8Dq6s5LH8TZH63A=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97 h1:3LC66vrXJzGMV/eCdvImosOEL2Cgc2KFJIm2YhfTG3w=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97/go.mod h1:rgpcv2tLD+/vudXx/gpIQSTuRpk4GOxHx84xwfvQalM=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -184,16 +184,16 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.29.14 h1:JWFh5ufowH3Y6tCgEzY3URVJHb27f0tEDEej0nCjWDw=
-k8s.io/api v0.29.14/go.mod h1:IV8YqKxMm8JGLBLlHM13Npn5lCITH10XYipWEW+YEOQ=
-k8s.io/apiextensions-apiserver v0.29.14 h1:gw9WXrZJPu5kpI1UC+Wf8BVe9PWwRUB/UZXU8VzBsq4=
-k8s.io/apiextensions-apiserver v0.29.14/go.mod h1:TJ51W+HKW2XqTtAsEFOz1/OohsMtekbKaTXh8ldioL4=
-k8s.io/apimachinery v0.29.14 h1:IDhwnGNCp836SLOwW1SoEfFNV77wxIklhxeAHX9vmSo=
-k8s.io/apimachinery v0.29.14/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
-k8s.io/client-go v0.29.14 h1:OSnzZ9DClaFRgl3zMAY2kGZhNjdGJkEb+RDz+MW2h6k=
-k8s.io/client-go v0.29.14/go.mod h1:XtZt5n5UxKfPJ+sCoTPcEavWgZbLFFxMnAFFRQGK1RY=
-k8s.io/component-base v0.29.14 h1:SF1DWN7bc2VloJ/ysegGoi/aHnopEo81aw9CslhqXIw=
-k8s.io/component-base v0.29.14/go.mod h1:FoK1PHhFTaEQVvQLw29/Uyfd8Ug0qUKHrUcXIXJ1VxI=
+k8s.io/api v0.29.15 h1:QxPcAheYujeBwkdiE0vMyKkAtqUq5YNyXVqimT+me44=
+k8s.io/api v0.29.15/go.mod h1:16duIp2ez6GiLPq1g8XtZNIkw6hJpIitpxZSvv0dZ6E=
+k8s.io/apiextensions-apiserver v0.29.15 h1:XI5axgsWqMlIIgpHbcz5vPjk06i3ibHv5FUdSfdtQLU=
+k8s.io/apiextensions-apiserver v0.29.15/go.mod h1:6ZU61z32I8WUwbBTPIANUesTj5G40sZek0ojmeoMJI8=
+k8s.io/apimachinery v0.29.15 h1:aLc0wghElkdnTO7TMVTxTrifoXah1lqRL8s6szDHGbg=
+k8s.io/apimachinery v0.29.15/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
+k8s.io/client-go v0.29.15 h1:zCBOXKCtz9Hl8boKUGs8zbtZEP6pc7O8Ov3ma+gnS6o=
+k8s.io/client-go v0.29.15/go.mod h1:xPy0D3p4sonPhZhI3QoYo4m7oLKoPjFf4vYF9oxoxNM=
+k8s.io/component-base v0.29.15 h1:CvmXXTDyk43FDaiJ/Rp+yWFjw6hkUI2t7mIJUrK5j00=
+k8s.io/component-base v0.29.15/go.mod h1:jH/sbuvmXew2Fz2iIKNMeNw8o/d1KR9tAg6uekQKnVk=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 h1:qVoMaQV5t62UUvHe16Q3eb2c5HPzLHYzsi0Tu/xLndo=

controllers/ovncontroller_controller.go

@@ -612,7 +612,6 @@ func (r *OVNControllerReconciler) reconcileNormal(ctx context.Context, instance
 	instance.Status.DesiredNumberScheduled = dset.GetDaemonSet().Status.DesiredNumberScheduled
 	instance.Status.NumberReady = dset.GetDaemonSet().Status.NumberReady
 
-	// Define a new DaemonSet object for OVS (ovsdb-server + ovs-vswitchd)
 	ovsdset := daemonset.NewDaemonSet(
 		ovncontroller.CreateOVSDaemonSet(instance, inputHash, ovsServiceLabels, serviceAnnotations, topology),
 		time.Duration(5)*time.Second,

go.mod

@@ -14,9 +14,9 @@ require (
 	github.com/openstack-k8s-operators/ovn-operator/api v0.0.0-20230418071801-b5843d9e05fb
 	go.uber.org/zap v1.27.0
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
-	k8s.io/api v0.29.14
-	k8s.io/apimachinery v0.29.14
-	k8s.io/client-go v0.29.14
+	k8s.io/api v0.29.15
+	k8s.io/apimachinery v0.29.15
+	k8s.io/client-go v0.29.15
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
 	sigs.k8s.io/controller-runtime v0.17.6
 )
@@ -69,8 +69,8 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.29.14 // indirect
-	k8s.io/component-base v0.29.14 // indirect
+	k8s.io/apiextensions-apiserver v0.29.15 // indirect
+	k8s.io/component-base v0.29.15 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
@@ -83,3 +83,5 @@ replace github.com/openstack-k8s-operators/ovn-operator/api => ./api
 // mschuppert: map to latest commit from release-4.16 tag
 // must consistent within modules and service operators
 replace github.com/openshift/api => github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094 //allow-merging
+
+replace github.com/openstack-k8s-operators/lib-common/modules/common => github.com/averdagu/lib-common/modules/common v0.0.0-20250318112303-0e4fcdf116e1 //allow-merging

go.sum

@@ -1,3 +1,5 @@
+github.com/averdagu/lib-common/modules/common v0.0.0-20250318112303-0e4fcdf116e1 h1:UG6y5DfMsbbWDm6/ZJWWGRXrxAeNoskn4N0XVlhi8Gw=
+github.com/averdagu/lib-common/modules/common v0.0.0-20250318112303-0e4fcdf116e1/go.mod h1:1CtBP0MQffdjE6buOv5jP2rB3+h7WH0a11lcyrpmxOk=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
@@ -78,8 +80,6 @@ github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094 h1:J1wuGhVxpsHykZBa6
 github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
 github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250301104950-9a202ca63f62 h1:0NgCmg03wFjZEltZyHLWalTsUxOg1b7WFNlOZ4APPek=
 github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250301104950-9a202ca63f62/go.mod h1:JgcmYJyyMKfArK8ulZnbls0L01qt8Dq6s5LH8TZH63A=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97 h1:3LC66vrXJzGMV/eCdvImosOEL2Cgc2KFJIm2YhfTG3w=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250228124213-cd63da392f97/go.mod h1:rgpcv2tLD+/vudXx/gpIQSTuRpk4GOxHx84xwfvQalM=
 github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250228124213-cd63da392f97 h1:2f6Fl2chkacLkElCtEtCFygtuVhEq3YuUvZbfiEBDZ8=
 github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250228124213-cd63da392f97/go.mod h1:oKvVb28i6wwBR5uQO2B2KMzZnCFTPCUCj31c5Zvz2lo=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -186,16 +186,16 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.29.14 h1:JWFh5ufowH3Y6tCgEzY3URVJHb27f0tEDEej0nCjWDw=
-k8s.io/api v0.29.14/go.mod h1:IV8YqKxMm8JGLBLlHM13Npn5lCITH10XYipWEW+YEOQ=
-k8s.io/apiextensions-apiserver v0.29.14 h1:gw9WXrZJPu5kpI1UC+Wf8BVe9PWwRUB/UZXU8VzBsq4=
-k8s.io/apiextensions-apiserver v0.29.14/go.mod h1:TJ51W+HKW2XqTtAsEFOz1/OohsMtekbKaTXh8ldioL4=
-k8s.io/apimachinery v0.29.14 h1:IDhwnGNCp836SLOwW1SoEfFNV77wxIklhxeAHX9vmSo=
-k8s.io/apimachinery v0.29.14/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
-k8s.io/client-go v0.29.14 h1:OSnzZ9DClaFRgl3zMAY2kGZhNjdGJkEb+RDz+MW2h6k=
-k8s.io/client-go v0.29.14/go.mod h1:XtZt5n5UxKfPJ+sCoTPcEavWgZbLFFxMnAFFRQGK1RY=
-k8s.io/component-base v0.29.14 h1:SF1DWN7bc2VloJ/ysegGoi/aHnopEo81aw9CslhqXIw=
-k8s.io/component-base v0.29.14/go.mod h1:FoK1PHhFTaEQVvQLw29/Uyfd8Ug0qUKHrUcXIXJ1VxI=
+k8s.io/api v0.29.15 h1:QxPcAheYujeBwkdiE0vMyKkAtqUq5YNyXVqimT+me44=
+k8s.io/api v0.29.15/go.mod h1:16duIp2ez6GiLPq1g8XtZNIkw6hJpIitpxZSvv0dZ6E=
+k8s.io/apiextensions-apiserver v0.29.15 h1:XI5axgsWqMlIIgpHbcz5vPjk06i3ibHv5FUdSfdtQLU=
+k8s.io/apiextensions-apiserver v0.29.15/go.mod h1:6ZU61z32I8WUwbBTPIANUesTj5G40sZek0ojmeoMJI8=
+k8s.io/apimachinery v0.29.15 h1:aLc0wghElkdnTO7TMVTxTrifoXah1lqRL8s6szDHGbg=
+k8s.io/apimachinery v0.29.15/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
+k8s.io/client-go v0.29.15 h1:zCBOXKCtz9Hl8boKUGs8zbtZEP6pc7O8Ov3ma+gnS6o=
+k8s.io/client-go v0.29.15/go.mod h1:xPy0D3p4sonPhZhI3QoYo4m7oLKoPjFf4vYF9oxoxNM=
+k8s.io/component-base v0.29.15 h1:CvmXXTDyk43FDaiJ/Rp+yWFjw6hkUI2t7mIJUrK5j00=
+k8s.io/component-base v0.29.15/go.mod h1:jH/sbuvmXew2Fz2iIKNMeNw8o/d1KR9tAg6uekQKnVk=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 h1:qVoMaQV5t62UUvHe16Q3eb2c5HPzLHYzsi0Tu/xLndo=

pkg/ovncontroller/daemonset.go

@@ -24,6 +24,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/utils/ptr"
 )
 
@@ -236,6 +237,27 @@ func CreateOVSDaemonSet(
 	envVars := map[string]env.Setter{}
 	envVars["CONFIG_HASH"] = env.SetValue(configHash)
 
+	volumes := []corev1.Volume{}
+	mounts := []corev1.VolumeMount{}
+
+	// add OVN dbs cert and CA
+	if instance.Spec.TLS.Enabled() {
+		svc := tls.Service{
+			SecretName: *instance.Spec.TLS.GenericService.SecretName,
+			CertMount:  ptr.To(ovn_common.OVNDbCertPath),
+			KeyMount:   ptr.To(ovn_common.OVNDbKeyPath),
+			CaMount:    ptr.To(ovn_common.OVNDbCaCertPath),
+		}
+		volumes = append(volumes, svc.CreateVolume(ovnv1.ServiceNameOVNController))
+		mounts = append(mounts, svc.CreateVolumeMounts(ovnv1.ServiceNameOVNController)...)
+
+		// add CA bundle if defined
+		if instance.Spec.TLS.CaBundleSecretName != "" {
+			volumes = append(volumes, instance.Spec.TLS.CreateVolume())
+			mounts = append(mounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
+		}
+	}
+
 	initContainers := []corev1.Container{
 		{
 			Name:    "ovsdb-server-init",
@@ -250,7 +272,7 @@ func CreateOVSDaemonSet(
 				Privileged: &privileged,
 			},
 			Env:          env.MergeEnvs([]corev1.EnvVar{}, envVars),
-			VolumeMounts: GetOVSDbVolumeMounts(),
+			VolumeMounts: append(GetOVSDbVolumeMounts(), mounts...),
 		},
 	}
 
@@ -276,7 +298,7 @@ func CreateOVSDaemonSet(
 				Privileged: &privileged,
 			},
 			Env:          env.MergeEnvs([]corev1.EnvVar{}, envVars),
-			VolumeMounts: GetOVSDbVolumeMounts(),
+			VolumeMounts: append(GetOVSDbVolumeMounts(), mounts...),
 			// TODO: consider the fact that resources are now double booked
 			Resources:                instance.Spec.Resources,
 			LivenessProbe:            ovsDbLivenessProbe,
@@ -303,7 +325,7 @@ func CreateOVSDaemonSet(
 				Privileged: &privileged,
 			},
 			Env:          env.MergeEnvs([]corev1.EnvVar{}, envVars),
-			VolumeMounts: GetVswitchdVolumeMounts(),
+			VolumeMounts: append(GetVswitchdVolumeMounts(), mounts...),
 			// TODO: consider the fact that resources are now double booked
 			Resources:                instance.Spec.Resources,
 			LivenessProbe:            ovsVswitchdLivenessProbe,
@@ -312,6 +334,9 @@ func CreateOVSDaemonSet(
 		},
 	}
 
+	maxUnavailable := intstr.FromInt32(0)
+	maxSurge := intstr.FromInt32(1)
+
 	daemonset := &appsv1.DaemonSet{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      ovnv1.ServiceNameOVS,
@@ -327,9 +352,17 @@ func CreateOVSDaemonSet(
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: instance.RbacResourceName(),
+					HostPID:            true,
 					InitContainers:     initContainers,
 					Containers:         containers,
-					Volumes:            GetOVSVolumes(instance.Name, instance.Namespace),
+					Volumes:            append(GetOVSVolumes(instance.Name, instance.Namespace), volumes...),
+				},
+			},
+			UpdateStrategy: appsv1.DaemonSetUpdateStrategy{
+				Type: appsv1.RollingUpdateDaemonSetStrategyType,
+				RollingUpdate: &appsv1.RollingUpdateDaemonSet{
+					MaxUnavailable: &maxUnavailable,
+					MaxSurge:       &maxSurge,
 				},
 			},
 		},

templates/ovncontroller/bin/init-ovsdb-server.sh

@@ -18,15 +18,67 @@ set -ex
 source $(dirname $0)/functions
 trap wait_for_db_creation EXIT
 
+function init_ovsdb_server {
+    # Initialize or upgrade database if needed
+    CTL_ARGS="--system-id=random --no-ovs-vswitchd"
+    /usr/share/openvswitch/scripts/ovs-ctl start $CTL_ARGS
+    /usr/share/openvswitch/scripts/ovs-ctl stop $CTL_ARGS
+
+    if [ ! -f /var/lib/openvswitch/already_executed ]; then
+        # If file was not present, set status INIT
+        echo "INIT" > /var/lib/openvswitch/already_executed
+    fi
+
+    wait_for_db_creation
+    trap - EXIT
+}
+
+TLSOptions="--certificate=/etc/pki/tls/certs/ovndb.crt --private-key=/etc/pki/tls/private/ovndb.key --ca-cert=/etc/pki/tls/certs/ovndbca.crt"
+DBOptions="--db ssl:ovsdbserver-nb.openstack.svc.cluster.local:6641"
+
 # If db file is empty, remove it; otherwise service won't start.
 # See https://issues.redhat.com/browse/FDP-689 for more details.
 if ! [ -s ${DB_FILE} ]; then
     rm -f ${DB_FILE}
 fi
-# Initialize or upgrade database if needed
-CTL_ARGS="--system-id=random --no-ovs-vswitchd"
-/usr/share/openvswitch/scripts/ovs-ctl start $CTL_ARGS
-/usr/share/openvswitch/scripts/ovs-ctl stop $CTL_ARGS
 
-wait_for_db_creation
-trap - EXIT
+# Easier debug
+sleep 10
+
+# Check if file is created, if not means it's first execution
+if [ -f /var/lib/openvswitch/already_executed ]; then
+    # Need to double check that ovsdb-server and vswitchd are actually running
+    # (That pod was not unhealty and it got destroyed)
+    # In the following steps we need ovsdb-server to be running, check pid file
+    if [ ! -f /run/openvswitch/ovsdb-server.pid ]; then
+        # No PID file, start as normal
+        echo "No PID file found, init ovsdb_server as it's the only pod"
+        init_ovsdb_server
+        exit 0
+    fi
+    # File is created, no need to run ovs-ctl
+    # Change state to "UPDATE"
+    echo "UPDATE" > /var/lib/openvswitch/already_executed
+    # Clear possible leftovers of past executions
+    ## Need to lower chassis priority
+    # First get the system-id
+    chassis_id=$(ovs-vsctl get Open_Vswitch . external_ids:system-id)
+    nb_output=$(ovn-nbctl --no-leader-only $DBOptions $TLSOptions --columns=_uuid,priority find Gateway_Chassis chassis_name=$chassis_id)
+    # Check that nbctl was executed correctly
+    if [ $? -ne 0 ]; then
+        echo "ERROR: ovn-nbctl find command failed"
+        exit 1
+    fi
+    row_uuid=$(echo "$nb_output" | grep "_uuid" | cut -d':' -f2 | xargs)
+    priority=$(echo "$nb_output" | grep "priority" | cut -d':' -f2 | xargs)
+    # Save priority to be able to restore it later (It's overwritting, not appending, hence no check)
+    echo $priority > /var/lib/openvswitch/old_priority
+    # Set lower priority (lowest value possible 0)
+    ovn-nbctl --no-leader-only $DBOptions $TLSOptions set Gateway_Chassis $row_uuid priority=0
+    # Check that nbctl was executed correctly
+    if [ $? -ne 0 ]; then
+        echo "ERROR: ovn-nbctl set command failed"
+        exit 1
+    fi
+    exit 0
+fi

templates/ovncontroller/bin/start-ovsdb-server.sh

@@ -17,12 +17,52 @@
 set -ex
 source $(dirname $0)/functions
 
+echo "start ovsdb-server"
+sleep 3
+
+# Check state 
+if [ -f /var/lib/openvswitch/already_executed ]; then
+    if [ $(cat /var/lib/openvswitch/already_executed) == "UPDATE" ]; then
+        echo "In a middle of an upgrade"
+        # Need to stop vswitch and dbserver
+        # First stop vswitchd
+        vswitchd_pid=$(cat /run/openvswitch/ovs-vswitchd.pid)
+        # Stop vswitch
+        echo "stopping vswitchd"
+        bash /usr/local/bin/container-scripts/stop-vswitchd.sh
+        echo "Done, stopped vswitchd"
+        # Wait for vswitchd to end checking status
+        while true; do
+            if [ $(cat /var/lib/openvswitch/already_executed) == "RESTART_VSWITCHD" ]; then
+                break
+            fi
+            sleep 0.1
+        done
+        echo "Status is already RESTART_VSWITCHD"
+        bash /usr/local/bin/container-scripts/stop-ovsdb-server.sh
+        echo "Done, stopped ovsdb-server"
+        # vswitchd stopped 
+        # We still need to run the ovsdb-server in this new container, this can be done
+        # with the flag --overwrite-pidfile but we need to ignore the next SIGTERM that will
+        # send openshift, creating file to noop the stop-ovsdb-server.sh
+        echo "setting flag to skip ovsdb-server stop"
+        touch /var/lib/openvswitch/skip_stop_ovsdbserver
+    else
+        # It could happen that ovsdb-server or ovs-vwsitchd pod can't start correctly or can't get to running state
+        # this would cause this script to be run with already_executed with an state different than "UPDATE"
+        :
+    fi
+fi
+
 # Remove the obsolete semaphore file in case it still exists.
 cleanup_ovsdb_server_semaphore
 
+# Set state to "OVSDB_SERVER"
+echo "OVSDB_SERVER" > /var/lib/openvswitch/already_executed
+
 # Start the service
 ovsdb-server ${DB_FILE} \
-    --pidfile \
+    --pidfile --overwrite-pidfile \
     --remote=punix:/var/run/openvswitch/db.sock \
     --private-key=db:Open_vSwitch,SSL,private_key \
     --certificate=db:Open_vSwitch,SSL,certificate \