From 964353fe2a92d6e18f839c087b300ff4df675084 Mon Sep 17 00:00:00 2001
From: Periyasamy Palanisamy <pepalani@redhat.com>
Date: Fri, 13 Jun 2025 12:42:19 +0200
Subject: [PATCH] Mount pluto socket file path into ovnkube-node

In order to collect ipsec tunnel metrics we need access to
pluto daemon socket for running ipsec showstates command.
So this commit mounts /var/run/pluto host directory into
ovnkube-controller container.

Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
---
 .../network/ovn-kubernetes/managed/ovnkube-node.yaml   | 10 ++++++++++
 .../ovn-kubernetes/self-hosted/ovnkube-node.yaml       | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/bindata/network/ovn-kubernetes/managed/ovnkube-node.yaml b/bindata/network/ovn-kubernetes/managed/ovnkube-node.yaml
index b40a2bf114..023e012f6f 100644
--- a/bindata/network/ovn-kubernetes/managed/ovnkube-node.yaml
+++ b/bindata/network/ovn-kubernetes/managed/ovnkube-node.yaml
@@ -507,6 +507,10 @@ spec:
           name: ovnkube-config
         - mountPath: /env
           name: env-overrides
+{{ if .OVNIPsecEnable }}
+        - mountPath: /var/run/pluto
+          name: run-pluto
+{{ end }}
         resources:
           requests:
             cpu: 10m
@@ -713,5 +717,11 @@ spec:
         configMap:
           name: ovnkube-script-lib
           defaultMode: 0744
+{{ if .OVNIPsecEnable }}
+      - name: run-pluto
+        hostPath:
+          path: /var/run/pluto
+          type: DirectoryOrCreate
+{{ end }}
       tolerations:
       - operator: "Exists"
diff --git a/bindata/network/ovn-kubernetes/self-hosted/ovnkube-node.yaml b/bindata/network/ovn-kubernetes/self-hosted/ovnkube-node.yaml
index aae45f8d5a..bba649ea4f 100644
--- a/bindata/network/ovn-kubernetes/self-hosted/ovnkube-node.yaml
+++ b/bindata/network/ovn-kubernetes/self-hosted/ovnkube-node.yaml
@@ -639,6 +639,10 @@ spec:
           name: ovnkube-config
         - mountPath: /env
           name: env-overrides
+{{ if .OVNIPsecEnable }}
+        - mountPath: /var/run/pluto
+          name: run-pluto
+{{ end }}
         resources:
           requests:
             cpu: 10m
@@ -841,5 +845,11 @@ spec:
         configMap:
           name: ovnkube-script-lib
           defaultMode: 0744
+{{ if .OVNIPsecEnable }}
+      - name: run-pluto
+        hostPath:
+          path: /var/run/pluto
+          type: DirectoryOrCreate
+{{ end }}
       tolerations:
       - operator: "Exists"