From 70a13529b80265fce2e42aa1b0e6934c7ff544e3 Mon Sep 17 00:00:00 2001
From: wenwenxiong <xiongwenwen01@163.com>
Date: Tue, 26 Sep 2023 15:07:44 +0800
Subject: [PATCH] add init container in vpc-nat-gateway statefulset for init
 (#3254)

* add initcontainer for vpc-nat-gw statefulset for init

---------

Signed-off-by: xiongww <xiongww@chinatelecom.cn>
Co-authored-by: xiongww <xiongww@chinatelecom.cn>
---
 pkg/controller/vpc_nat_gateway.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/pkg/controller/vpc_nat_gateway.go b/pkg/controller/vpc_nat_gateway.go
index 0596b8c577f..3dce6733dab 100644
--- a/pkg/controller/vpc_nat_gateway.go
+++ b/pkg/controller/vpc_nat_gateway.go
@@ -767,7 +767,7 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1
 		selectors[strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
 	}
 	klog.V(3).Infof("prepare for vpc nat gateway pod, node selector: %v", selectors)
-
+	v4SubnetGw, _, _ := c.GetGwBySubnet(gw.Spec.Subnet)
 	newSts = &v1.StatefulSet{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   name,
@@ -797,6 +797,19 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1
 							},
 						},
 					},
+					InitContainers: []corev1.Container{
+						{
+							Name:            "vpc-nat-gw-init",
+							Image:           vpcNatImage,
+							Command:         []string{"bash"},
+							Args:            []string{"-c", fmt.Sprintf("bash /kube-ovn/nat-gateway.sh init %s,%s", c.config.ServiceClusterIPRange, v4SubnetGw)},
+							ImagePullPolicy: corev1.PullIfNotPresent,
+							SecurityContext: &corev1.SecurityContext{
+								Privileged:               &privileged,
+								AllowPrivilegeEscalation: &allowPrivilegeEscalation,
+							},
+						},
+					},
 					NodeSelector: selectors,
 					Tolerations:  gw.Spec.Tolerations,
 					Affinity:     &gw.Spec.Affinity,