fix permission issue in kube-ovn installation script and chart (kubeo…

…vn#4613)

Signed-off-by: zhangzujian <[email protected]>

charts/kube-ovn/templates/ovncni-ds.yaml

@@ -35,12 +35,10 @@ spec:
         command:
           - sh
           - -xec
-          - |
-            chown -R nobody: /var/log/kube-ovn
-            chmod g+r /run/xtables.lock
-            chmod g+w /var/run/netns
-            {{- if not .Values.DISABLE_MODULES_MANAGEMENT }}
+          - {{ if not .Values.DISABLE_MODULES_MANAGEMENT -}}
             iptables -V
+            {{- else -}}
+            echo "nothing to do"
             {{- end }}
         securityContext:
           allowPrivilegeEscalation: true
@@ -121,8 +119,7 @@ spec:
           - --enable-ovn-ipsec={{- .Values.func.ENABLE_OVN_IPSEC }}
           - --set-vxlan-tx-off={{- .Values.func.SET_VXLAN_TX_OFF }}
         securityContext:
-          runAsUser: {{ include "kubeovn.runAsUser" . }}
-          runAsGroup: 0
+          runAsUser: 0
           privileged: false
           capabilities:
             add:

dist/images/install.sh

@@ -4456,19 +4456,14 @@ spec:
         command:
           - sh
           - -xec
-          - |
-            chown -R nobody: /var/log/kube-ovn
-            chmod g+r /run/xtables.lock
-            chmod g+w /var/run/netns
-            iptables -V
+          - iptables -V
         securityContext:
           allowPrivilegeEscalation: true
           capabilities:
             drop:
               - ALL
           privileged: true
           runAsUser: 0
-          runAsGroup: 0
         volumeMounts:
           - name: usr-local-sbin
             mountPath: /usr/local/sbin
@@ -4523,8 +4518,7 @@ spec:
           - --enable-ovn-ipsec=$ENABLE_OVN_IPSEC
           - --set-vxlan-tx-off=$SET_VXLAN_TX_OFF
         securityContext:
-          runAsUser: ${RUN_AS_USER}
-          runAsGroup: 0
+          runAsUser: 0
           privileged: false
           capabilities:
             add: