From 217a41c9eed95d2a4f142bf2c245fe674cbd327e Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Tue, 3 Dec 2024 09:37:35 +0100 Subject: [PATCH 1/3] remove external DNS from MGMT cluster * remove external DNS managed identity and DNS zone permissions * remove external DNS deployment from MGMT cluster https://issues.redhat.com/browse/ARO-12551 
Signed-off-by: Gerd Oberlechner --- config/config.msft.yaml | 6 +- config/config.schema.json | 21 ------ config/config.yaml | 6 +- config/public-cloud-cs-pr.json | 7 +- config/public-cloud-dev.json | 7 +- config/public-cloud-msft-int.json | 7 +- config/public-cloud-personal-dev.json | 7 +- .../mgmt-cluster.tmpl.bicepparam | 8 --- .../templates/mgmt-cluster.bicep | 35 ---------- hypershiftoperator/Makefile | 11 +-- hypershiftoperator/config.tmpl.mk | 5 -- hypershiftoperator/deploy/helm/Chart.yaml | 4 -- .../helm/charts/external-dns/Chart.yaml | 5 -- .../templates/clusterrole-external-dns.yaml | 25 ------- .../clusterrolebinding-external-dns.yaml | 13 ---- .../templates/deployment-external-dns.yaml | 69 ------------------- .../templates/podmonitor-external-dns.yaml | 17 ----- .../templates/secret-external-dns-azure.yaml | 15 ---- .../serviceaccount-external-dns.yaml | 8 --- .../helm/charts/external-dns/values.yaml | 9 --- hypershiftoperator/deploy/helm/values.yaml | 11 --- 21 files changed, 7 insertions(+), 289 deletions(-) delete mode 100644 hypershiftoperator/deploy/helm/charts/external-dns/Chart.yaml delete mode 100644 hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrole-external-dns.yaml delete mode 100644 hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrolebinding-external-dns.yaml delete mode 100644 hypershiftoperator/deploy/helm/charts/external-dns/templates/deployment-external-dns.yaml delete mode 100644 hypershiftoperator/deploy/helm/charts/external-dns/templates/podmonitor-external-dns.yaml delete mode 100644 hypershiftoperator/deploy/helm/charts/external-dns/templates/secret-external-dns-azure.yaml delete mode 100644 hypershiftoperator/deploy/helm/charts/external-dns/templates/serviceaccount-external-dns.yaml delete mode 100644 hypershiftoperator/deploy/helm/charts/external-dns/values.yaml diff --git a/config/config.msft.yaml b/config/config.msft.yaml index f8a337509..de23737e4 100644 --- a/config/config.msft.yaml 
+++ b/config/config.msft.yaml @@ -20,8 +20,6 @@ defaults: hypershift: namespace: hypershift additionalInstallArg: '--tech-preview-no-upgrade' - externalDNSManagedIdentityName: external-dns - externalDNSServiceAccountName: external-dns svc: subscription: hcp-{{ .ctx.region }} @@ -81,7 +79,7 @@ defaults: rg: hcp-underlay-imagesync acrRG: '{{ .ctx.region }}-shared-resources' environmentName: aro-hcp-image-sync - repositories: registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package + repositories: quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package imageRepo: image-sync/component-sync imageTag: latest ocMirror: @@ -131,8 +129,6 @@ clouds: imageRepo: app-sre/uhc-clusters-service hypershiftOperator: imageTag: 9aca808 - externalDNS: - imageTag: v0.14.2 environments: int: diff --git a/config/config.schema.json b/config/config.schema.json index 3569ae1d8..f5b6c6345 100644 --- a/config/config.schema.json +++ b/config/config.schema.json @@ -83,18 +83,6 @@ "softDelete" ] }, - "externalDNS": { - "type": "object", - "properties": { - "imageTag": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "imageTag" - ] - }, "extraVars": { "type": "object", "properties": {}, @@ -151,12 +139,6 @@ "additionalInstallArg": { "type": "string" }, - "externalDNSManagedIdentityName": { - "type": "string" - }, - "externalDNSServiceAccountName": { - "type": "string" - }, "namespace": { "type": "string" } @@ -164,8 +146,6 @@ "additionalProperties": false, "required": [ "additionalInstallArg", - "externalDNSManagedIdentityName", - "externalDNSServiceAccountName", "namespace" ] }, @@ -607,7 +587,6 @@ "baseDnsZoneRG", "clusterService", "cxKeyVault", - "externalDNS", "firstPartyAppClientId", "frontend", "globalRG", 
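Review bot: Taking `registry.k8s.io/external-dns/external-dns` out of `repositories` (hunk `@@ -81,7 +79,7 @@`) stops future syncs, but nothing in this series removes the copy already mirrored to the ACR, so the `external-dns/external-dns` repository with tag `v0.14.2` presumably stays pullable and unpatched. The same edit is repeated in config/config.yaml and the four config/public-cloud-*.json files. The pure-deletion hunks in dev-infrastructure/templates/mgmt-cluster.bicep have the equivalent gap: if that template is applied incrementally (not visible here), deleting `external_dns_wi` and the `dnsZoneContributor` module leaves the managed identity, what is presumably its workload-identity binding to the `external-dns` service account, and its permissions on the regional DNS zone in already-deployed environments. I would record the teardown next to the change, for example `# external-dns no longer synced (ARO-12551): purge the mirrored repo, the external-dns managed identity and its DNS zone role assignment from existing environments`. Records and `-external-dns` TXT entries the controller created in the regional zone may also need a new owner or a cleanup once it is gone.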
diff --git a/config/config.yaml b/config/config.yaml index f13eb75b6..6143b68da 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -20,8 +20,6 @@ defaults: hypershift: namespace: hypershift additionalInstallArg: '--tech-preview-no-upgrade' - externalDNSManagedIdentityName: external-dns - externalDNSServiceAccountName: external-dns svc: subscription: hcp-{{ .ctx.region }} @@ -80,7 +78,7 @@ defaults: rg: hcp-underlay-{{ .ctx.regionShort }}-imagesync acrRG: global environmentName: aro-hcp-image-sync - repositories: registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package + repositories: quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package imageRepo: image-sync/component-sync imageTag: latest ocMirror: @@ -134,8 +132,6 @@ clouds: # Hypershift Operator hypershiftOperator: imageTag: 9aca808 - externalDNS: - imageTag: v0.14.2 # Shared SVC KV serviceKeyVault: name: 'aro-hcp-dev-svc-kv' diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index 6409c8a29..ffa93fa93 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json @@ -20,9 +20,6 @@ "private": false, "softDelete": false }, - "externalDNS": { - "imageTag": "v0.14.2" - }, "extraVars": {}, "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358", "frontend": { @@ -36,8 +33,6 @@ "globalRG": "global", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", - "externalDNSManagedIdentityName": "external-dns", - "externalDNSServiceAccountName": "external-dns", "namespace": "hypershift" }, "hypershiftOperator": { 
@@ -48,7 +43,7 @@ "environmentName": "aro-hcp-image-sync", "imageRepo": "image-sync/component-sync", "imageTag": "latest", - "repositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", + "repositories": "quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", "rg": "hcp-underlay-westus3-imagesync-dev" }, "istioVersion": "asm-1-22", diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index be870536c..4fa071d4e 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json @@ -20,9 +20,6 @@ "private": false, "softDelete": false }, - "externalDNS": { - "imageTag": "v0.14.2" - }, "extraVars": {}, "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358", "frontend": { @@ -36,8 +33,6 @@ "globalRG": "global", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", - "externalDNSManagedIdentityName": "external-dns", - "externalDNSServiceAccountName": "external-dns", "namespace": "hypershift" }, "hypershiftOperator": { @@ -48,7 +43,7 @@ "environmentName": "aro-hcp-image-sync", "imageRepo": "image-sync/component-sync", "imageTag": "latest", - "repositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", + "repositories": "quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", "rg": "hcp-underlay-westus3-imagesync-dev" }, "istioVersion": "asm-1-22", diff --git a/config/public-cloud-msft-int.json b/config/public-cloud-msft-int.json index 0d7d0ced4..496222c41 100644 --- a/config/public-cloud-msft-int.json +++ b/config/public-cloud-msft-int.json 
@@ -20,9 +20,6 @@ "private": false, "softDelete": false }, - "externalDNS": { - "imageTag": "v0.14.2" - }, "extraVars": {}, "firstPartyAppClientId": "??? the one used by CS to do first party stuff ???", "frontend": { @@ -36,8 +33,6 @@ "globalRG": "global-shared-resources", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", - "externalDNSManagedIdentityName": "external-dns", - "externalDNSServiceAccountName": "external-dns", "namespace": "hypershift" }, "hypershiftOperator": { @@ -48,7 +43,7 @@ "environmentName": "aro-hcp-image-sync", "imageRepo": "image-sync/component-sync", "imageTag": "latest", - "repositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", + "repositories": "quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", "rg": "hcp-underlay-imagesync" }, "istioVersion": "asm-1-22", diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json index 923f7f834..61fcab55d 100644 --- a/config/public-cloud-personal-dev.json +++ b/config/public-cloud-personal-dev.json @@ -20,9 +20,6 @@ "private": false, "softDelete": false }, - "externalDNS": { - "imageTag": "v0.14.2" - }, "extraVars": {}, "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358", "frontend": { @@ -36,8 +33,6 @@ "globalRG": "global", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", - "externalDNSManagedIdentityName": "external-dns", - "externalDNSServiceAccountName": "external-dns", "namespace": "hypershift" }, "hypershiftOperator": { 
@@ -48,7 +43,7 @@ "environmentName": "aro-hcp-image-sync", "imageRepo": "image-sync/component-sync", "imageTag": "latest", - "repositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", + "repositories": "quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", "rg": "hcp-underlay-westus3-imagesync-dev" }, "istioVersion": "asm-1-22", diff --git a/dev-infrastructure/configurations/mgmt-cluster.tmpl.bicepparam b/dev-infrastructure/configurations/mgmt-cluster.tmpl.bicepparam index 0a76a89c7..32a5ac7c4 100644 --- a/dev-infrastructure/configurations/mgmt-cluster.tmpl.bicepparam +++ b/dev-infrastructure/configurations/mgmt-cluster.tmpl.bicepparam @@ -23,14 +23,6 @@ param maestroConsumerName = '{{ .maestro.consumerName }}' param maestroEventGridNamespacesName = '{{ .maestro.eventGrid.name }}' param maestroCertDomain = '{{ .maestro.certDomain }}' -// Hypershift -param hypershiftNamespace = '{{ .hypershift.namespace }}' -param externalDNSManagedIdentityName = '{{ .hypershift.externalDNSManagedIdentityName }}' -param externalDNSServiceAccountName = '{{ .hypershift.externalDNSServiceAccountName }}' - -// DNS -param regionalDNSZoneName = '{{ .regionalDNSSubdomain}}.{{ .baseDnsZoneName }}' - // ACR param acrPullResourceGroups = ['{{ .serviceComponentAcrResourceGroups }}'] diff --git a/dev-infrastructure/templates/mgmt-cluster.bicep b/dev-infrastructure/templates/mgmt-cluster.bicep index 3670dcb5f..2f851bdd8 100644 --- a/dev-infrastructure/templates/mgmt-cluster.bicep +++ b/dev-infrastructure/templates/mgmt-cluster.bicep 
@@ -59,15 +59,6 @@ param aksKeyVaultName string @description('Manage soft delete setting for AKS etcd key-value store') param aksEtcdKVEnableSoftDelete bool = true -@description('The name of the hypershift namespace.') -param hypershiftNamespace string - -@description('The name of the external DNS managed identity.') -param externalDNSManagedIdentityName string - -@description('The name of the external DNS service account.') -param externalDNSServiceAccountName string - @description('The name of the maestro consumer.') param maestroConsumerName string @@ -77,9 +68,6 @@ param maestroCertDomain string @description('The name of the eventgrid namespace for Maestro.') param maestroEventGridNamespacesName string -@description('This is a regional DNS zone') -param regionalDNSZoneName string - @description('The resource group that hosts the regional zone') param regionalResourceGroup string @@ -148,11 +136,6 @@ module mgmtCluster '../modules/aks-cluster-base.bicep' = { namespace: 'maestro' serviceAccountName: 'maestro' } - external_dns_wi: { - uamiName: externalDNSManagedIdentityName - namespace: hypershiftNamespace - serviceAccountName: externalDNSServiceAccountName - } }) aksKeyVaultName: aksKeyVaultName acrPullResourceGroups: acrPullResourceGroups @@ -193,24 +176,6 @@ module maestroConsumer '../modules/maestro/maestro-consumer.bicep' = { ] } -// -// E X T E R N A L D N S -// - -var externalDnsManagedIdentityPrincipalId = filter( - mgmtCluster.outputs.userAssignedIdentities, - id => id.uamiName == externalDNSManagedIdentityName -)[0].uamiPrincipalID - -module dnsZoneContributor '../modules/dns/zone-contributor.bicep' = { - name: guid(regionalDNSZoneName, mgmtCluster.name, externalDNSManagedIdentityName) - scope: resourceGroup(regionalResourceGroup) - params: { - zoneName: regionalDNSZoneName - zoneContributerManagedIdentityPrincipalId: externalDnsManagedIdentityPrincipalId - } -} - // // K E Y V A U L T S // 
diff --git a/hypershiftoperator/Makefile b/hypershiftoperator/Makefile index 997cae450..d65bc605f 100644 --- a/hypershiftoperator/Makefile +++ b/hypershiftoperator/Makefile @@ -4,8 +4,7 @@ $(shell ../templatize.sh $(DEPLOY_ENV) config.tmpl.mk config.mk) include config.mk deploy: - @EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID=$(shell az identity show -g ${RESOURCEGROUP} -n ${EXTERNAL_DNS_MI_NAME} --query clientId -o tsv) && \ - AZURE_TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ + @AZURE_TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ AZURE_SUBSCRIPTION_ID=$(shell az account show --query id --output tsv) && \ CSI_SECRET_STORE_CLIENT_ID=$(shell az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query 'addonProfiles.azureKeyvaultSecretsProvider.identity.clientId' -o tsv) && \ helm upgrade --install hypershift deploy/helm \ @@ -15,13 +14,5 @@ deploy: --set registryOverrides="quay.io/openshift-release-dev/ocp-v4.0-art-dev=${ARO_HCP_OCP_ACR}.azurecr.io/openshift/release\,quay.io/openshift-release-dev/ocp-release=${ARO_HCP_OCP_ACR}.azurecr.io/openshift/release-images\,registry.redhat.io/redhat=${ARO_HCP_OCP_ACR}.azurecr.io/redhat" \ --set additionalArgs="${HO_ADDITIONAL_INSTALL_ARG}" \ --set azureKeyVaultClientId=$${CSI_SECRET_STORE_CLIENT_ID} \ - --set external-dns.image=${ED_IMAGE_BASE} \ - --set external-dns.imageTag=${ED_IMAGE_TAG} \ - --set external-dns.txtOwnerId=${RESOURCEGROUP} \ - --set external-dns.domain=${ZONE_NAME} \ - --set external-dns.credentials.tenantId=$${AZURE_TENANT_ID} \ - --set external-dns.credentials.subscriptionId=$${AZURE_SUBSCRIPTION_ID} \ - --set external-dns.credentials.resourceGroup=${REGIONAL_RESOURCEGROUP} \ - --set external-dns.credentials.userAssignedIdentityID=$${EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID} .PHONY: helm-chart deploy diff --git a/hypershiftoperator/config.tmpl.mk b/hypershiftoperator/config.tmpl.mk index c46c26541..2acb6f905 100644 --- a/hypershiftoperator/config.tmpl.mk 
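Review bot: In the `deploy` recipe (hunk `@@ -4,8 +4,7 @@`) `AZURE_TENANT_ID` and `AZURE_SUBSCRIPTION_ID` are still fetched with `az account show`, but their only visible consumers were the `external-dns.credentials.*` settings removed in the next hunk, so both lines look dead now; the `helm` arguments between the two hunks are not shown, so confirm before deleting them. Separately, `$(shell az aks show ...)` is expanded by make before the shell runs, so a failed or logged-out `az` yields an empty string, the assignment still succeeds and `&&` lets `helm upgrade` go ahead with an empty `azureKeyVaultClientId`. A guard such as `test -n "$${CSI_SECRET_STORE_CLIENT_ID}" && \` placed before `helm upgrade --install` would stop the deploy instead. `REGIONAL_RESOURCEGROUP` and `ZONE_NAME` in config.tmpl.mk may likewise have lost their last user.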
+++ b/hypershiftoperator/config.tmpl.mk @@ -3,17 +3,12 @@ ARO_HCP_OCP_ACR ?= {{ .ocpAcrName }} HO_IMAGE_TAG ?= {{ .hypershiftOperator.imageTag }} HO_IMAGE_BASE ?= ${ARO_HCP_SVC_ACR}.azurecr.io/acm-d/rhtap-hypershift-operator HO_IMAGE ?= ${HO_IMAGE_BASE}:${HO_IMAGE_TAG} -ED_IMAGE ?= ${ARO_HCP_SVC_ACR}.azurecr.io/external-dns/external-dns:${ED_IMAGE_TAG} -ED_IMAGE_TAG ?= {{ .externalDNS.imageTag }} -ED_IMAGE_BASE ?= ${ARO_HCP_SVC_ACR}.azurecr.io/external-dns/external-dns -ED_IMAGE ?= ${ED_IMAGE_BASE}:${ED_IMAGE_TAG} RESOURCEGROUP ?= {{ .mgmt.rg }} REGIONAL_RESOURCEGROUP ?= {{ .regionRG }} ZONE_NAME ?= {{ .regionalDNSSubdomain }}.{{ .baseDnsZoneName }} AKS_NAME ?= {{ .aksName }} HYPERSHIFT_NAMESPACE ?= {{ .hypershift.namespace}} -EXTERNAL_DNS_MI_NAME ?= {{ .hypershift.externalDNSManagedIdentityName }} HO_CHART_DIR ?= deploy/helm/charts/hypershift-operator HO_ADDITIONAL_INSTALL_ARG ?= {{ .hypershift.additionalInstallArg }} diff --git a/hypershiftoperator/deploy/helm/Chart.yaml b/hypershiftoperator/deploy/helm/Chart.yaml index 0e58ab74d..29ca2bad1 100644 --- a/hypershiftoperator/deploy/helm/Chart.yaml +++ b/hypershiftoperator/deploy/helm/Chart.yaml @@ -3,7 +3,3 @@ description: A Helm chart to install the Hypershift Operator and deps for ARO name: aro-hcp-hypershift-operator type: application version: 0.1.0 - -dependencies: -- name: "external-dns" - version: "0.14.2" diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/Chart.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/Chart.yaml deleted file mode 100644 index 47486a6c5..000000000 --- a/hypershiftoperator/deploy/helm/charts/external-dns/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v2 -description: A Helm chart for External DNS -name: external-dns -type: application -version: 0.14.2 
diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrole-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrole-external-dns.yaml deleted file mode 100644 index f4d30e382..000000000 --- a/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrole-external-dns.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: external-dns -rules: -- apiGroups: - - route.openshift.io - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - endpoints - - services - - nodes - - pods - verbs: - - get - - list - - watch diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrolebinding-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrolebinding-external-dns.yaml deleted file mode 100644 index f2cee3164..000000000 --- a/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrolebinding-external-dns.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - name: external-dns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: external-dns -subjects: -- kind: ServiceAccount - name: external-dns - namespace: hypershift diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/templates/deployment-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/deployment-external-dns.yaml deleted file mode 100644 index 488df28ba..000000000 --- a/hypershiftoperator/deploy/helm/charts/external-dns/templates/deployment-external-dns.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - name: external-dns - namespace: '{{ .Release.Namespace }}' -spec: - replicas: 1 - selector: - matchLabels: - name: external-dns - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - app: external-dns - hypershift.openshift.io/operator-component: external-dns - name: external-dns - azure.workload.identity/use: "true" - spec: - containers: - - args: - - --source=service - - --source=openshift-route - - --domain-filter={{ .Values.domain }} - - --provider=azure - - --registry=txt - - --txt-suffix=-external-dns - - --txt-owner-id={{ .Values.txtOwnerId }} - - --label-filter=hypershift.openshift.io/route-visibility!=private - - --interval=1m - - --txt-cache-interval=1h - - --azure-config-file=/etc/provider/credentials - command: - - /ko-app/external-dns - image: "{{ .Values.image }}:{{ .Values.imageTag }}" - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 7979 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: external-dns - ports: - - containerPort: 7979 - name: metrics - resources: - requests: - cpu: 5m - memory: 20Mi - securityContext: - privileged: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/provider - name: credentials - priorityClassName: hypershift-operator - serviceAccountName: external-dns - volumes: - - name: credentials - secret: - secretName: external-dns-azure -status: {} diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/templates/podmonitor-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/podmonitor-external-dns.yaml deleted file mode 100644 index a781b2c24..000000000 --- a/hypershiftoperator/deploy/helm/charts/external-dns/templates/podmonitor-external-dns.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: azmonitoring.coreos.com/v1 -kind: PodMonitor -metadata: - creationTimestamp: null - name: external-dns - namespace: '{{ .Release.Namespace }}' -spec: - jobLabel: component - namespaceSelector: {} - podMetricsEndpoints: - - bearerTokenSecret: - key: "" - interval: 30s - port: metrics - selector: - matchLabels: - name: external-dns diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/templates/secret-external-dns-azure.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/secret-external-dns-azure.yaml deleted file mode 100644 index a31bd3418..000000000 --- a/hypershiftoperator/deploy/helm/charts/external-dns/templates/secret-external-dns-azure.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: external-dns-azure - namespace: '{{ .Release.Namespace }}' -type: Opaque -stringData: - credentials: | - { - "tenantId": "{{ .Values.credentials.tenantId }}", - "subscriptionId": "{{ .Values.credentials.subscriptionId }}", - "resourceGroup": "{{ .Values.credentials.resourceGroup }}", - "useWorkloadIdentityExtension": true, - "userAssignedIdentityID": "{{ .Values.credentials.userAssignedIdentityID }}" - } diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/templates/serviceaccount-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/serviceaccount-external-dns.yaml deleted file mode 100644 index ea988fa76..000000000 --- a/hypershiftoperator/deploy/helm/charts/external-dns/templates/serviceaccount-external-dns.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - name: external-dns - namespace: '{{ .Release.Namespace }}' - annotations: - azure.workload.identity/client-id: '{{ .Values.credentials.userAssignedIdentityID }}' 
diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/values.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/values.yaml deleted file mode 100644 index 2bd0e508d..000000000 --- a/hypershiftoperator/deploy/helm/charts/external-dns/values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -image: "" -imageTag: "" -txtOwnerId: "" -domain: "" -credentials: - tenantId: "" - subscriptionId: "" - resourceGroup: "" - userAssignedIdentityID: "" diff --git a/hypershiftoperator/deploy/helm/values.yaml b/hypershiftoperator/deploy/helm/values.yaml index 0c7e832d4..178844fd8 100644 --- a/hypershiftoperator/deploy/helm/values.yaml +++ b/hypershiftoperator/deploy/helm/values.yaml @@ -8,14 +8,3 @@ imageTag: "" registryOverrides: "" azureKeyVaultClientId: "" additionalArgs: "" - -external-dns: - image: "" - imageTag: "" - txtOwnerId: "" - domain: "" - credentials: - tenantId: "" - subscriptionId: "" - resourceGroup: "" - userAssignedIdentityID: "" From 007818aa357ab17f5e9e5a68a36f65fa7c91625d Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Tue, 3 Dec 2024 13:10:09 +0100 Subject: [PATCH 2/3] lint Signed-off-by: Gerd Oberlechner --- hypershiftoperator/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hypershiftoperator/Makefile b/hypershiftoperator/Makefile index d65bc605f..bb7a6e795 100644 --- a/hypershiftoperator/Makefile +++ b/hypershiftoperator/Makefile @@ -13,6 +13,6 @@ deploy: --set imageTag=${HO_IMAGE_TAG} \ --set registryOverrides="quay.io/openshift-release-dev/ocp-v4.0-art-dev=${ARO_HCP_OCP_ACR}.azurecr.io/openshift/release\,quay.io/openshift-release-dev/ocp-release=${ARO_HCP_OCP_ACR}.azurecr.io/openshift/release-images\,registry.redhat.io/redhat=${ARO_HCP_OCP_ACR}.azurecr.io/redhat" \ --set additionalArgs="${HO_ADDITIONAL_INSTALL_ARG}" \ - --set azureKeyVaultClientId=$${CSI_SECRET_STORE_CLIENT_ID} \ + --set azureKeyVaultClientId=$${CSI_SECRET_STORE_CLIENT_ID} .PHONY: helm-chart deploy 
From 9dd380608fbde312b1c43bcfe464ba126f83703a Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Wed, 4 Dec 2024 10:55:10 +0100 Subject: [PATCH 3/3] bump CS Signed-off-by: Gerd Oberlechner --- config/config.yaml | 2 +- config/public-cloud-cs-pr.json | 2 +- config/public-cloud-dev.json | 2 +- config/public-cloud-personal-dev.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/config.yaml b/config/config.yaml index 6143b68da..a85031731 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -127,7 +127,7 @@ clouds: imageTag: ea066c250a002f0cc458711945165591bc9f6d3f # Cluster Service clusterService: - imageTag: ecd15ad + imageTag: 6157c57 imageRepo: app-sre/uhc-clusters-service # Hypershift Operator hypershiftOperator: diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index ffa93fa93..33cd6ecc7 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json @@ -7,7 +7,7 @@ "clusterService": { "acrRG": "global", "imageRepo": "app-sre/uhc-clusters-service", - "imageTag": "ecd15ad", + "imageTag": "6157c57", "postgres": { "deploy": true, "minTLSVersion": "TLSV1.2", diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index 4fa071d4e..c1c6c73c2 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json @@ -7,7 +7,7 @@ "clusterService": { "acrRG": "global", "imageRepo": "app-sre/uhc-clusters-service", - "imageTag": "ecd15ad", + "imageTag": "6157c57", "postgres": { "deploy": true, "minTLSVersion": "TLSV1.2", diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json index 61fcab55d..661b3440a 100644 --- a/config/public-cloud-personal-dev.json +++ b/config/public-cloud-personal-dev.json @@ -7,7 +7,7 @@ "clusterService": { "acrRG": "global", "imageRepo": "app-sre/uhc-clusters-service", - "imageTag": "ecd15ad", + "imageTag": "6157c57", "postgres": { "deploy": false, "minTLSVersion": "TLSV1.2",