From 0d6672784c2f330d898acf9f926f50f8a5027ff7 Mon Sep 17 00:00:00 2001 From: Eric Fried Date: Tue, 9 Mar 2021 12:26:23 -0600 Subject: [PATCH] OSD-6646: osd-cluster-ready Job is managed by configure-alertmanager-operator - With https://github.com/openshift/configure-alertmanager-operator/pull/143, configure-alertmanager-operator is responsible for deploying osd-cluster-ready, so that Job manifest is removed. - https://github.com/openshift/osd-cluster-ready/pull/7 removes the logic that talks to prometheus and alertmanager, so `pods/exec` permissions are removed. - It's weird that this RBAC should still live here in MCC. Add a README acknowledging/explaining that. OSD-6646 --- ...0-osd-ready.openshift-monitoring.Role.yaml | 6 ----- .../osd-cluster-ready/60-osd-ready.Job.yaml | 27 ------------------- deploy/osd-cluster-ready/README.md | 12 +++++++++ ...naged-cluster-config-integration.yaml.tmpl | 27 ------------------- ...anaged-cluster-config-production.yaml.tmpl | 27 ------------------- ...osd-managed-cluster-config-stage.yaml.tmpl | 27 ------------------- 6 files changed, 12 insertions(+), 114 deletions(-) delete mode 100644 deploy/osd-cluster-ready/60-osd-ready.Job.yaml create mode 100644 deploy/osd-cluster-ready/README.md diff --git a/deploy/osd-cluster-ready/20-osd-ready.openshift-monitoring.Role.yaml b/deploy/osd-cluster-ready/20-osd-ready.openshift-monitoring.Role.yaml index d48e407f22..91438dcdf7 100644 --- a/deploy/osd-cluster-ready/20-osd-ready.openshift-monitoring.Role.yaml +++ b/deploy/osd-cluster-ready/20-osd-ready.openshift-monitoring.Role.yaml @@ -12,9 +12,3 @@ rules: verbs: - get - list -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create diff --git a/deploy/osd-cluster-ready/60-osd-ready.Job.yaml b/deploy/osd-cluster-ready/60-osd-ready.Job.yaml deleted file mode 100644 index 253559bc5d..0000000000 --- a/deploy/osd-cluster-ready/60-osd-ready.Job.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: osd-cluster-ready - namespace: openshift-monitoring -spec: - # NOTE: We're making this ridiculously high to ensure that - # we exceed MAX_CLUSTER_AGE_MINUTES even in the fastest - # case. We rely on the logic in the job to exit cleanly when - # that max age is reached. - backoffLimit: 500 - template: - metadata: - name: osd-cluster-ready - spec: - containers: - # TODO: Remove this override once - # https://bugzilla.redhat.com/show_bug.cgi?id=1921413 - # is resolved - - env: - - name: MAX_CLUSTER_AGE_MINUTES - value: "240" - name: osd-cluster-ready - image: quay.io/openshift-sre/osd-cluster-ready:v0.1.38-614bf59 - command: ["/root/main"] - restartPolicy: OnFailure - serviceAccountName: osd-cluster-ready diff --git a/deploy/osd-cluster-ready/README.md b/deploy/osd-cluster-ready/README.md new file mode 100644 index 0000000000..7b20ee9235 --- /dev/null +++ b/deploy/osd-cluster-ready/README.md @@ -0,0 +1,12 @@ +# osd-cluster-ready RBAC + +This directory contains the RBAC artifacts -- ServiceAccount and [Cluster]Role[Bindings] -- for the [osd-cluster-ready](https://github.com/openshift/osd-cluster-ready) Job that is managed by [configure-alertmanager-operator](https://github.com/openshift/configure-alertmanager-operator). + +This is in lieu of having it either: +- In osd-cluster-ready itself. + We have a [deploy/ directory](https://github.com/openshift/osd-cluster-ready/tree/master/deploy) there already, but those artifacts are not used for real deployments currently. + Unclear how we would do that. +- In [configure-alertmanager-operator](https://github.com/openshift/configure-alertmanager-operator), because that would seem weird. + +That said, it is awkward having it here, because now there are three different repositories that manage (different aspects of) osd-cluster-ready. +So we may some day try to move it. \ No newline at end of file diff --git a/hack/00-osd-managed-cluster-config-integration.yaml.tmpl b/hack/00-osd-managed-cluster-config-integration.yaml.tmpl index 1e2e1faa0a..ed890a6342 100644 --- a/hack/00-osd-managed-cluster-config-integration.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-integration.yaml.tmpl @@ -4868,12 +4868,6 @@ objects: verbs: - get - list - - apiGroups: - - '' - resources: - - pods/exec - verbs: - - create - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -4973,27 +4967,6 @@ objects: - kind: ServiceAccount name: osd-cluster-ready namespace: openshift-monitoring - - apiVersion: batch/v1 - kind: Job - metadata: - name: osd-cluster-ready - namespace: openshift-monitoring - spec: - backoffLimit: 500 - template: - metadata: - name: osd-cluster-ready - spec: - containers: - - env: - - name: MAX_CLUSTER_AGE_MINUTES - value: '240' - name: osd-cluster-ready - image: quay.io/openshift-sre/osd-cluster-ready:v0.1.38-614bf59 - command: - - /root/main - restartPolicy: OnFailure - serviceAccountName: osd-cluster-ready - apiVersion: hive.openshift.io/v1 kind: SelectorSyncSet metadata: diff --git a/hack/00-osd-managed-cluster-config-production.yaml.tmpl b/hack/00-osd-managed-cluster-config-production.yaml.tmpl index edf2c2997d..70be67e84d 100644 --- a/hack/00-osd-managed-cluster-config-production.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-production.yaml.tmpl @@ -4868,12 +4868,6 @@ objects: verbs: - get - list - - apiGroups: - - '' - resources: - - pods/exec - verbs: - - create - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -4973,27 +4967,6 @@ objects: - kind: ServiceAccount name: osd-cluster-ready namespace: openshift-monitoring - - apiVersion: batch/v1 - kind: Job - metadata: - name: osd-cluster-ready - namespace: openshift-monitoring - spec: - backoffLimit: 500 - template: - metadata: - name: osd-cluster-ready - spec: - containers: - - env: - - name: MAX_CLUSTER_AGE_MINUTES - value: '240' - name: osd-cluster-ready - image: quay.io/openshift-sre/osd-cluster-ready:v0.1.38-614bf59 - command: - - /root/main - restartPolicy: OnFailure - serviceAccountName: osd-cluster-ready - apiVersion: hive.openshift.io/v1 kind: SelectorSyncSet metadata: diff --git a/hack/00-osd-managed-cluster-config-stage.yaml.tmpl b/hack/00-osd-managed-cluster-config-stage.yaml.tmpl index 3bc1557368..4563e77117 100644 --- a/hack/00-osd-managed-cluster-config-stage.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-stage.yaml.tmpl @@ -4868,12 +4868,6 @@ objects: verbs: - get - list - - apiGroups: - - '' - resources: - - pods/exec - verbs: - - create - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -4973,27 +4967,6 @@ objects: - kind: ServiceAccount name: osd-cluster-ready namespace: openshift-monitoring - - apiVersion: batch/v1 - kind: Job - metadata: - name: osd-cluster-ready - namespace: openshift-monitoring - spec: - backoffLimit: 500 - template: - metadata: - name: osd-cluster-ready - spec: - containers: - - env: - - name: MAX_CLUSTER_AGE_MINUTES - value: '240' - name: osd-cluster-ready - image: quay.io/openshift-sre/osd-cluster-ready:v0.1.38-614bf59 - command: - - /root/main - restartPolicy: OnFailure - serviceAccountName: osd-cluster-ready - apiVersion: hive.openshift.io/v1 kind: SelectorSyncSet metadata: