remove toolchaincluster resources creation

[mfrancisc]

This PR removes toolchaincluster resouce creation that now is covered by the toolchainresources_controller.

Related PRs:

• Rename member webhook cluster scoped objects member-operator#562
• Check for new member webhook config names toolchain-e2e#950

Replaces:

• remove member toolchaincluster SA creation #106
• remove host toolchaincluster SA creation #105

Jira: https://issues.redhat.com/browse/KUBESAW-24

[MatousJobanek]

How about the ServiceAccount creation?

toolchain-cicd/scripts/add-cluster.sh

Lines 33 to 39 in 4828b26

	cat <<EOF | oc apply ${OC_ADDITIONAL_PARAMS} -f -
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: ${SA_NAME}
	namespace: ${OPERATOR_NS}
	EOF

shouldn't we drop that too?

[mfrancisc]

How about the ServiceAccount creation?

@MatousJobanek I tried but I think we need to get rid of

toolchain-cicd/scripts/add-cluster.sh

Line 282 in 35e64c7

SA_TOKEN=$(oc create token ${SA_NAME} --duration 87600h -n ${OPERATOR_NS} ${OC_ADDITIONAL_PARAMS})

. I see it's expected there at least and was causing a failure.

[mfrancisc]

I think we will remove that once we create the ToolchainCluster from the controller as well, right ?

[MatousJobanek]

it's not about creating ToolchainCluster CR, but rather about timing when the SA is created.
These SA should be already created using the new ToolchainCluster_resources controller, right? We maybe call the script too early when the SA is not there yet. Execution of the script (and of the register-member command) relies on the existence of the SA we want to get the token for.
Copy of the secret will be always a manual step, so we should wait until the SA is present.

[rajivnathan]

Shouldn't we update the ToolchainCluster_resources controller to delete the rolebinding before applying the templates before we remove this?

[mfrancisc]

Good point @rajivnathan !

TBH I wasn't aware of this limitation - and this might complicate things a bit since the resource controller is not aware of which resources is creating, it should be generic.

Maybe @MatousJobanek might know better if this is still required ?

[MatousJobanek]

The deletion part was there just to make sure that the RoleBinding can be updated also in the cases when we would change the name of the Role that is referenced there - you know, it's not possible to update roleRef for an already existing RoleBinding.
I guess that this is from the time when we were doing many changes in the content of the script/resources.

That being said, I think that it's fine to keep it as it is in the Toolchaincluster resources controller 👍 we can change it later in the case when we would need to update the roleRef.

[mfrancisc]

Ok , thanks for the background . Thus we can avoid the deletion part in the controller atm.

[mfrancisc]

@rajivnathan @MatousJobanek same here as per https://github.com/codeready-toolchain/toolchain-cicd/pull/107/files#r1608600862

[MatousJobanek]

yeah, the same reason - to be able to update ClusterRole name in the roleRef section

[mfrancisc]

thanks