remove imagesync setup from svc template (#896)

Signed-off-by: Gerd Oberlechner <[email protected]>
Azure · Nov 27, 2024 · 25ffd77 · 25ffd77
1 parent 72a71ad
commit 25ffd77
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 46 deletions.
diff --git a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam
@@ -42,7 +42,6 @@ param serviceKeyVaultSoftDelete = {{ .serviceKeyVault.softDelete }}
 param serviceKeyVaultPrivate = {{ .serviceKeyVault.private }}
 
 param acrPullResourceGroups = ['{{ .serviceComponentAcrResourceGroups }}']
-param imageSyncAcrResourceGroupNames = ['{{ .imageSync.acrRG }}']
 param clustersServiceAcrResourceGroupNames = ['{{ .clusterService.acrRG }}']
 
 param oidcStorageAccountName = '{{ .oidcStorageAccountName }}'

diff --git a/dev-infrastructure/templates/svc-cluster.bicep b/dev-infrastructure/templates/svc-cluster.bicep
@@ -125,9 +125,6 @@ param serviceKeyVaultSoftDelete bool = true
 @description('If true, make the service keyvault private and only accessible by the svc cluster via private link.')
 param serviceKeyVaultPrivate bool = true
 
-@description('Image sync ACR RG name')
-param imageSyncAcrResourceGroupNames array = []
-
 @description('OIDC Storage Account name')
 param oidcStorageAccountName string
 
@@ -348,48 +345,6 @@ module csDnsZoneContributor '../modules/dns/zone-contributor.bicep' = {
   }
 }
 
-//
-//   I M A G E   S Y N C
-//
-
-var imageSyncManagedIdentityPrincipalId = filter(
-  svcCluster.outputs.userAssignedIdentities,
-  id => id.uamiName == 'image-sync'
-)[0].uamiPrincipalID
-
-module imageServiceKeyVaultAccess '../modules/keyvault/keyvault-secret-access.bicep' = {
-  name: guid(serviceKeyVaultName, 'imagesync', 'read')
-  scope: resourceGroup(serviceKeyVaultResourceGroup)
-  params: {
-    keyVaultName: serviceKeyVaultName
-    roleName: 'Key Vault Secrets User'
-    managedIdentityPrincipalId: imageSyncManagedIdentityPrincipalId
-  }
-  dependsOn: [
-    serviceKeyVault
-    svcCluster
-  ]
-}
-
-resource imageSyncAcrResourceGroups 'Microsoft.Resources/resourceGroups@2023-07-01' existing = [
-  for rg in imageSyncAcrResourceGroupNames: {
-    name: rg
-    scope: subscription()
-  }
-]
-
-module acrPushRole '../modules/acr-permissions.bicep' = [
-  for (_, i) in imageSyncAcrResourceGroupNames: {
-    name: guid(imageSyncAcrResourceGroups[i].id, resourceGroup().name, 'image-sync', 'push')
-    scope: imageSyncAcrResourceGroups[i]
-    params: {
-      principalId: imageSyncManagedIdentityPrincipalId
-      grantPushAccess: true
-      acrResourceGroupid: imageSyncAcrResourceGroups[i].id
-    }
-  }
-]
-
 resource clustersServiceAcrResourceGroups 'Microsoft.Resources/resourceGroups@2023-07-01' existing = [
   for rg in clustersServiceAcrResourceGroupNames: {
     name: rg