From 38abf2e5f2f2ba1c91ab2ee19e159a47f1a5b938 Mon Sep 17 00:00:00 2001
From: Gerd Oberlechner <goberlec@redhat.com>
Date: Wed, 27 Nov 2024 09:17:39 +0100
Subject: [PATCH] remove imagesync setup from svc template

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>
---
 .../svc-cluster.tmpl.bicepparam | 1 -
 .../templates/svc-cluster.bicep | 45 -------------------
 2 files changed, 46 deletions(-)
diff --git a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam
index 077fca8d9..d89f00e9d 100644
--- a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam
+++ b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam
@@ -42,7 +42,6 @@ param serviceKeyVaultSoftDelete = {{ .serviceKeyVault.softDelete }}
 param serviceKeyVaultPrivate = {{ .serviceKeyVault.private }}
 param acrPullResourceGroups = ['{{ .serviceComponentAcrResourceGroups }}']
-param imageSyncAcrResourceGroupNames = ['{{ .imageSync.acrRG }}']
 param clustersServiceAcrResourceGroupNames = ['{{ .clusterService.acrRG }}']
 param oidcStorageAccountName = '{{ .oidcStorageAccountName }}'
diff --git a/dev-infrastructure/templates/svc-cluster.bicep b/dev-infrastructure/templates/svc-cluster.bicep
index 69edf4d99..5a843bf69 100644
--- a/dev-infrastructure/templates/svc-cluster.bicep
+++ b/dev-infrastructure/templates/svc-cluster.bicep
@@ -125,9 +125,6 @@ param serviceKeyVaultSoftDelete bool = true
 @description('If true, make the service keyvault private and only accessible by the svc cluster via private link.')
 param serviceKeyVaultPrivate bool = true
-@description('Image sync ACR RG name')
-param imageSyncAcrResourceGroupNames array = []
-
 @description('OIDC Storage Account name')
 param oidcStorageAccountName string
@@ -348,48 +345,6 @@ module csDnsZoneContributor '../modules/dns/zone-contributor.bicep' = {
 }
 }
-//
-// I M A G E S Y N C
-//
-
-var imageSyncManagedIdentityPrincipalId = filter(
- svcCluster.outputs.userAssignedIdentities,
- id => id.uamiName == 'image-sync'
-)[0].uamiPrincipalID
-
-module imageServiceKeyVaultAccess '../modules/keyvault/keyvault-secret-access.bicep' = {
- name: guid(serviceKeyVaultName, 'imagesync', 'read')
- scope: resourceGroup(serviceKeyVaultResourceGroup)
- params: {
- keyVaultName: serviceKeyVaultName
- roleName: 'Key Vault Secrets User'
- managedIdentityPrincipalId: imageSyncManagedIdentityPrincipalId
- }
- dependsOn: [
- serviceKeyVault
- svcCluster
- ]
-}
-
-resource imageSyncAcrResourceGroups 'Microsoft.Resources/resourceGroups@2023-07-01' existing = [
- for rg in imageSyncAcrResourceGroupNames: {
- name: rg
- scope: subscription()
- }
-]
-
-module acrPushRole '../modules/acr-permissions.bicep' = [
- for (_, i) in imageSyncAcrResourceGroupNames: {
- name: guid(imageSyncAcrResourceGroups[i].id, resourceGroup().name, 'image-sync', 'push')
- scope: imageSyncAcrResourceGroups[i]
- params: {
- principalId: imageSyncManagedIdentityPrincipalId
- grantPushAccess: true
- acrResourceGroupid: imageSyncAcrResourceGroups[i].id
- }
- }
-]
-
 resource clustersServiceAcrResourceGroups 'Microsoft.Resources/resourceGroups@2023-07-01' existing = [
 for rg in clustersServiceAcrResourceGroupNames: {
 name: rg