ROX-27176: Remove observability configuration from acs-fleet-manager

.secrets.baseline

@@ -277,7 +277,7 @@
         "filename": "internal/dinosaur/pkg/api/public/api/openapi.yaml",
         "hashed_secret": "5b455797b93de5b6a19633ba22127c8a610f5c1b",
         "is_verified": false,
-        "line_number": 1535
+        "line_number": 1343
       }
     ],
     "internal/dinosaur/pkg/presenters/managedcentral.go": [
@@ -339,63 +339,63 @@
         "filename": "templates/service-template.yml",
         "hashed_secret": "13032f402fed753c2248419ea4f69f99931f6dbc",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "30025f80f6e22cdafb85db387d50f90ea884576a",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "355f24fd038bcaf85617abdcaa64af51ed19bbcf",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "3d8a1dcd2c3c765ce35c9a9552d23273cc4ddace",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "4ac7b0522761eba972467942cd5cd7499dd2c361",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "7639ab2a6bcf2ea30a055a99468c9cd844d4c22a",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "b56360daf4793d2a74991a972b34d95bc00fb2da",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "c9a73ef9ee8ce9f38437227801c70bcc6740d1a1",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Secret Keyword",
         "filename": "templates/service-template.yml",
         "hashed_secret": "4e199b4a1c40b497a95fcd1cd896351733849949",
         "is_verified": false,
-        "line_number": 707,
+        "line_number": 654,
         "is_secret": false
       }
     ],
@@ -425,5 +425,5 @@
       }
     ]
   },
-  "generated_at": "2024-10-17T08:34:41Z"
+  "generated_at": "2024-11-26T16:50:48Z"
 }

Makefile

@@ -215,8 +215,6 @@ help:
 	@echo "make setup/git/hooks             setup git hooks"
 	@echo "make secrets/touch               touch all required secret files"
 	@echo "make centralcert/setup           setup the central TLS certificate used for Managed Central Service"
-	@echo "make observatorium/setup         setup observatorium secrets used by CI"
-	@echo "make observatorium/token-refresher/setup" setup a local observatorium token refresher
 	@echo "make docker/login/internal       login to an openshift cluster image registry"
 	@echo "make image/push/internal         push image to an openshift cluster image registry."
 	@echo "make deploy/project              deploy the service via templates to an openshift cluster"
@@ -634,7 +632,6 @@ secrets/touch:
           secrets/central-tls.crt \
           secrets/central-tls.key \
           secrets/central.idp-client-secret \
-          secrets/observability-config-access.token \
           secrets/ocm-service.clientId \
           secrets/ocm-service.clientSecret \
           secrets/ocm-service.token \
@@ -675,31 +672,6 @@ centralcert/setup:
 	@echo -n "$(CENTRAL_TLS_KEY)" > secrets/central-tls.key
 .PHONY:centralcert/setup
 
-observatorium/setup:
-	@echo -n "$(OBSERVATORIUM_CONFIG_ACCESS_TOKEN)" > secrets/observability-config-access.token;
-	@echo -n "$(RHSSO_LOGS_CLIENT_ID)" > secrets/rhsso-logs.clientId;
-	@echo -n "$(RHSSO_LOGS_CLIENT_SECRET)" > secrets/rhsso-logs.clientSecret;
-	@echo -n "$(RHSSO_METRICS_CLIENT_ID)" > secrets/rhsso-metrics.clientId;
-	@echo -n "$(RHSSO_METRICS_CLIENT_SECRET)" > secrets/rhsso-metrics.clientSecret;
-.PHONY:observatorium/setup
-
-observatorium/token-refresher/setup: PORT ?= 8085
-observatorium/token-refresher/setup: IMAGE_TAG ?= latest
-observatorium/token-refresher/setup: ISSUER_URL ?= https://sso.redhat.com/auth/realms/redhat-external
-observatorium/token-refresher/setup: OBSERVATORIUM_URL ?= https://observatorium-mst.api.stage.openshift.com/api/metrics/v1/manageddinosaur
-observatorium/token-refresher/setup:
-	@$(DOCKER) run -d -p ${PORT}:${PORT} \
-		--restart always \
-		--name observatorium-token-refresher quay.io/rhoas/mk-token-refresher:${IMAGE_TAG} \
-		/bin/token-refresher \
-		--oidc.issuer-url="${ISSUER_URL}" \
-		--url="${OBSERVATORIUM_URL}" \
-		--oidc.client-id="${CLIENT_ID}" \
-		--oidc.client-secret="${CLIENT_SECRET}" \
-		--web.listen=":${PORT}"
-	@echo The Observatorium token refresher is now running on 'http://localhost:${PORT}'
-.PHONY: observatorium/token-refresher/setup
-
 # Setup dummy OCM_OFFLINE_TOKEN for integration testing
 ocm/setup: OCM_OFFLINE_TOKEN ?= "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" # pragma: allowlist secret
 ocm/setup:
@@ -743,13 +715,6 @@ deploy/secrets:
 		-p CENTRAL_IDP_CLIENT_SECRET="$(shell ([ -s './secrets/central.idp-client-secret' ] && [ -z '${CENTRAL_IDP_CLIENT_SECRET}' ]) && cat ./secrets/central.idp-client-secret || echo '${CENTRAL_IDP_CLIENT_SECRET}')" \
 		-p CENTRAL_TLS_CERT="$(shell ([ -s './secrets/central-tls.crt' ] && [ -z '${CENTRAL_TLS_CERT}' ]) && cat ./secrets/central-tls.crt || echo '${CENTRAL_TLS_CERT}')" \
 		-p CENTRAL_TLS_KEY="$(shell ([ -s './secrets/central-tls.key' ] && [ -z '${CENTRAL_TLS_KEY}' ]) && cat ./secrets/central-tls.key || echo '${CENTRAL_TLS_KEY}')" \
-		-p OBSERVABILITY_CONFIG_ACCESS_TOKEN="$(shell ([ -s './secrets/observability-config-access.token' ] && [ -z '${OBSERVABILITY_CONFIG_ACCESS_TOKEN}' ]) && cat ./secrets/observability-config-access.token || echo '${OBSERVABILITY_CONFIG_ACCESS_TOKEN}')" \
-		-p OBSERVABILITY_RHSSO_LOGS_CLIENT_ID="$(shell ([ -s './secrets/rhsso-logs.clientId' ] && [ -z '${OBSERVABILITY_RHSSO_LOGS_CLIENT_ID}' ]) && cat ./secrets/rhsso-logs.clientId || echo '${OBSERVABILITY_RHSSO_LOGS_CLIENT_ID}')" \
-		-p OBSERVABILITY_RHSSO_LOGS_SECRET="$(shell ([ -s './secrets/rhsso-logs.clientSecret' ] && [ -z '${OBSERVABILITY_RHSSO_LOGS_SECRET}' ]) && cat ./secrets/rhsso-logs.clientSecret || echo '${OBSERVABILITY_RHSSO_LOGS_SECRET}')" \
-		-p OBSERVABILITY_RHSSO_METRICS_CLIENT_ID="$(shell ([ -s './secrets/rhsso-metrics.clientId' ] && [ -z '${OBSERVABILITY_RHSSO_METRICS_CLIENT_ID}' ]) && cat ./secrets/rhsso-metrics.clientId || echo '${OBSERVABILITY_RHSSO_METRICS_CLIENT_ID}')" \
-		-p OBSERVABILITY_RHSSO_METRICS_SECRET="$(shell ([ -s './secrets/rhsso-metrics.clientSecret' ] && [ -z '${OBSERVABILITY_RHSSO_METRICS_SECRET}' ]) && cat ./secrets/rhsso-metrics.clientSecret || echo '${OBSERVABILITY_RHSSO_METRICS_SECRET}')" \
-		-p OBSERVABILITY_RHSSO_GRAFANA_CLIENT_ID="${OBSERVABILITY_RHSSO_GRAFANA_CLIENT_ID}" \
-		-p OBSERVABILITY_RHSSO_GRAFANA_CLIENT_SECRET="${OBSERVABILITY_RHSSO_GRAFANA_CLIENT_SECRET}" \
 		| oc apply -f - -n $(NAMESPACE)
 .PHONY: deploy/secrets
 
@@ -794,9 +759,6 @@ deploy/service: ENABLE_TERMS_ACCEPTANCE ?= "false"
 deploy/service: ENABLE_DENY_LIST ?= "false"
 deploy/service: ALLOW_EVALUATOR_INSTANCE ?= "true"
 deploy/service: QUOTA_TYPE ?= "quota-management-list"
-deploy/service: OBSERVABILITY_CONFIG_REPO ?= "https://api.github.com/repos/bf2fc6cc711aee1a0c2a/observability-resources-mk/contents"
-deploy/service: OBSERVABILITY_CONFIG_CHANNEL ?= "resources"
-deploy/service: OBSERVABILITY_CONFIG_TAG ?= "main"
 deploy/service: DATAPLANE_CLUSTER_SCALING_TYPE ?= "manual"
 deploy/service: CENTRAL_IDP_ISSUER ?= "https://sso.stage.redhat.com/auth/realms/redhat-external"
 deploy/service: CENTRAL_IDP_CLIENT_ID ?= "rhacs-ms-dev"
@@ -830,13 +792,6 @@ endif
 		-p OCM_ADDON_SERVICE_URL="$(OCM_ADDON_SERVICE_URL)" \
 		-p AMS_URL="${AMS_URL}" \
 		-p SERVICE_PUBLIC_HOST_URL="https://$(shell oc get routes/fleet-manager -o jsonpath="{.spec.host}" -n $(NAMESPACE))" \
-		-p OBSERVATORIUM_RHSSO_GATEWAY="${OBSERVATORIUM_RHSSO_GATEWAY}" \
-		-p OBSERVATORIUM_RHSSO_REALM="${OBSERVATORIUM_RHSSO_REALM}" \
-		-p OBSERVATORIUM_RHSSO_TENANT="${OBSERVATORIUM_RHSSO_TENANT}" \
-		-p OBSERVATORIUM_RHSSO_AUTH_SERVER_URL="${OBSERVATORIUM_RHSSO_AUTH_SERVER_URL}" \
-		-p OBSERVATORIUM_TOKEN_REFRESHER_URL="http://token-refresher.$(NAMESPACE).svc.cluster.local" \
-		-p OBSERVABILITY_CONFIG_REPO="${OBSERVABILITY_CONFIG_REPO}" \
-		-p OBSERVABILITY_CONFIG_TAG="${OBSERVABILITY_CONFIG_TAG}" \
 		-p ENABLE_TERMS_ACCEPTANCE="${ENABLE_TERMS_ACCEPTANCE}" \
 		-p ALLOW_EVALUATOR_INSTANCE="${ALLOW_EVALUATOR_INSTANCE}" \
 		-p QUOTA_TYPE="${QUOTA_TYPE}" \
@@ -861,7 +816,6 @@ endif
 # remove service deployments from an OpenShift cluster
 undeploy: FLEET_MANAGER_IMAGE ?= $(SHORT_IMAGE_REF)
 undeploy:
-	@-oc process -f ./templates/observatorium-token-refresher.yml --local | oc delete -f - -n $(NAMESPACE)
 	@-oc process -f ./templates/db-template.yml --local | oc delete -f - -n $(NAMESPACE)
 	@-oc process -f ./templates/secrets-template.yml --local | oc delete -f - -n $(NAMESPACE)
 	@-oc process -f ./templates/route-template.yml --local | oc delete -f - -n $(NAMESPACE)
@@ -871,20 +825,6 @@ undeploy:
 		| oc delete -f - -n $(NAMESPACE)
 .PHONY: undeploy
 
-# Deploys an Observatorium token refresher on an OpenShift cluster
-deploy/token-refresher: ISSUER_URL ?= "https://sso.redhat.com/auth/realms/redhat-external"
-deploy/token-refresher: OBSERVATORIUM_TOKEN_REFRESHER_IMAGE ?= "quay.io/rhoas/mk-token-refresher"
-deploy/token-refresher: OBSERVATORIUM_TOKEN_REFRESHER_IMAGE_TAG ?= "latest"
-deploy/token-refresher: OBSERVATORIUM_URL ?= "https://observatorium-mst.api.stage.openshift.com/api/metrics/v1/manageddinosaur"
-deploy/token-refresher:
-	@-oc process -f ./templates/observatorium-token-refresher.yml \
-		-p ISSUER_URL=${ISSUER_URL} \
-		-p OBSERVATORIUM_URL=${OBSERVATORIUM_URL} \
-		-p OBSERVATORIUM_TOKEN_REFRESHER_IMAGE=${OBSERVATORIUM_TOKEN_REFRESHER_IMAGE} \
-		-p OBSERVATORIUM_TOKEN_REFRESHER_IMAGE_TAG=${OBSERVATORIUM_TOKEN_REFRESHER_IMAGE_TAG} \
-		 | oc apply -f - -n $(NAMESPACE)
-.PHONY: deploy/token-refresher
-
 # Deploys OpenShift ingress router on a k8s cluster
 deploy/openshift-router:
 	./scripts/openshift-router.sh deploy

dev/env/defaults/00-defaults.env

@@ -43,7 +43,6 @@ export OSD_IDP_SSO_CLIENT_ID_DEFAULT=""
 export OSD_IDP_SSO_CLIENT_SECRET_DEFAULT=""
 export ROUTE53_ACCESS_KEY_DEFAULT=""
 export ROUTE53_SECRET_ACCESS_KEY_DEFAULT=""
-export OBSERVABILITY_CONFIG_ACCESS_TOKEN_DEFAULT=""
 export SPAWN_LOGGER_DEFAULT="false"
 export DUMP_LOGS_DEFAULT="false"
 export OPERATOR_SOURCE_DEFAULT=""

dev/env/scripts/lib.sh

@@ -107,7 +107,6 @@ init() {
     export OSD_IDP_SSO_CLIENT_SECRET=${OSD_IDP_SSO_CLIENT_SECRET:-$OSD_IDP_SSO_CLIENT_SECRET_DEFAULT}
     export ROUTE53_ACCESS_KEY=${ROUTE53_ACCESS_KEY:-$ROUTE53_ACCESS_KEY_DEFAULT}
     export ROUTE53_SECRET_ACCESS_KEY=${ROUTE53_SECRET_ACCESS_KEY:-$ROUTE53_SECRET_ACCESS_KEY_DEFAULT}
-    export OBSERVABILITY_CONFIG_ACCESS_TOKEN=${OBSERVABILITY_CONFIG_ACCESS_TOKEN:-$OBSERVABILITY_CONFIG_ACCESS_TOKEN_DEFAULT}
     export INHERIT_IMAGEPULLSECRETS=${INHERIT_IMAGEPULLSECRETS:-$INHERIT_IMAGEPULLSECRETS_DEFAULT}
     export SPAWN_LOGGER=${SPAWN_LOGGER:-$SPAWN_LOGGER_DEFAULT}
     export DUMP_LOGS=${DUMP_LOGS:-$DUMP_LOGS_DEFAULT}
@@ -190,7 +189,6 @@ OSD_IDP_SSO_CLIENT_ID: ********
 OSD_IDP_SSO_CLIENT_SECRET: ********
 ROUTE53_ACCESS_KEY: ********
 ROUTE53_SECRET_ACCESS_KEY: ********
-OBSERVABILITY_CONFIG_ACCESS_TOKEN: ********
 INHERIT_IMAGEPULLSECRETS: ${INHERIT_IMAGEPULLSECRETS}
 SPAWN_LOGGER: ${SPAWN_LOGGER}
 DUMP_LOGS: ${DUMP_LOGS}

docs/legacy/feature-flags.md

@@ -13,7 +13,6 @@ This lists the feature flags and their sub-configurations to enable/disable and
   - [Central](#central)
   - [IAM](#iam)
   - [Metrics Server](#metrics-server)
-  - [Observability](#observability)
   - [OpenShift Cluster Manager](#openshift-cluster-manager)
   - [Dataplane Cluster Management](#dataplane-cluster-management)
   - [Sentry](#sentry)
@@ -76,28 +75,6 @@ This lists the feature flags and their sub-configurations to enable/disable and
     - `https-cert-file` [Required]: The path to the file containing the TLS certificate.
     - `https-key-file` [Required]: The path to the file containing the TLS private key.
 
-## Observability
-- **enable-observatorium-mock**: Enables use of a mock Observatorium client.
-    - `observatorium-timeout` [Optional]: Timeout to be used for Observatorium requests (default: `240s`).
-- **observatorium-debug**: Enables Observatorium debug logging.
-- **observatorium-ignore-ssl**: Disables Observatorium TLS verification.
-
-### Red Hat SSO Authentication
-- The '[Required]' in the following denotes that these flags are required to use Red Hat SSO Authentication with the service.
-    - `observability-red-hat-sso-auth-server-url`[Required]: Red Hat SSO authentication server URL (default: `https://sso.redhat.com/auth`).
-    - `observability-red-hat-sso-realm`[Required]: Red Hat SSO realm (default: `redhat-external`).
-    - `observability-red-hat-sso-token-refresher-url`[Required]: Red Hat SSO token refresher URL (default: `www.test.com`).
-    - `observability-red-hat-sso-observatorium-gateway`[Required]: Red Hat SSO observatorium gateway (default: `https://observatorium-mst.api.stage.openshift.com`).
-    - `observability-red-hat-sso-tenant`[Required]: Red Hat SSO tenant (default: `managedCentral`).
-    - `observability-red-hat-sso-logs-client-id-file`[Required]: The path to the file containing the client
-    ID for the logs service account for use with Red Hat SSO.
-    - `observability-red-hat-sso-logs-secret-file`[Required]: The path to the file containing the client
-    secret for the logs service account for use with Red Hat SSO.
-    - `observability-red-hat-sso-metrics-client-id-file`[Required]: The path to the file containing the client
-    ID for the metrics service account for use with Red Hat SSO.
-    - `observability-red-hat-sso-metrics-secret-file`[Required]: The path to the file containing the client
-    secret for the metrics service account for use with Red Hat SSO.
-
 ## OpenShift Cluster Manager
 - **enable-ocm-mock**: Enables use of a mock OCM client.
     - `ocm-mock-mode` [Optional]: Sets the ocm client mock type (default: `stub-server`).

docs/legacy/observability/README.md

@@ -5,9 +5,7 @@ This README will outline the adaptations and modifications that need to be made
 The file [metrics.go](../../pkg/metrics/metrics.go) creates Prometheus metrics of differing types. These are the metrics which are then reported and visualised in each Grafana dashboard.
 See [here](https://prometheus.io/docs/concepts/metric_types/) for more info about Prometheus metric types
 
-These metrics are grouped by metric subject: data plane clusters, service ('dinosaur' for this template) and reconcilers. These metrics need to be updated with service name (ie 'dinosaur' replaced and service name included).
-
-There is also a section of metrics regarding Observatorium API. These metrics are not reported to a Grafana dashboard by this template. See [kas-fleet-manager metrics configmap](https://gitlab.cee.redhat.com/service/app-interface/-/blob/master/resources/observability/grafana/grafana-dashboard-kas-fleet-manager-metrics.configmap.yaml#L5460-7247) for an example of a Grafana dashboard reporting these metrics.
+These metrics are grouped by metric subject: data plane clusters, service ('central' for this template) and reconcilers. These metrics need to be updated with service name (ie 'dinosaur' replaced and service name included).
 
 The file [metrics_middleware.go](../../pkg/handlers/metrics_middleware.go) creates metrics concerned with incoming API requests. This file contains useful and important information about how these metrics are written and reported.
 
@@ -42,37 +40,12 @@ See [SLOs README](../slos/README.md) for more informtion about metrics and their
 
 See [here](https://gitlab.cee.redhat.com/service/app-interface#add-a-grafana-dashboard) for information about adding Grafana dashboards in App-Sre
 
-## Observatorium
-
-The service that the Fleet Manager manages (Dinosaur in the case of this template)
-can send metrics to a [Observatorium](https://github.com/observatorium/observatorium)
-instance from the data plane. Fleet Manager is also able to interact directly
-with Observatorium to retrieve the metrics sent by the managed
-service (Dinosaur) from the data plane.
-
-### Configuring Observatorium
-
-To configure a new managed service to use Observatorium a Red Hat managed
-Observatorium service can be used. For that, a new `Observatorium Tenant` has
-to be created and configured in that Red Hat managed Observatorium service. That
-task is done by the Red Hat Observability team. To do so there's
-an Onboarding process. See the[Onboarding a Tenant into Red Hat’s Observatorium Instance](https://docs.google.com/document/d/1pjM9RRvij-IgwqQMt5q798B_4k4A9Y16uT2oV9sxN3g) document on how to do it.
-
-If you have any doubts about the onboarding process, The Red Hat Observability
-team can be contacted on the #forum-observatorium Slack channel.
-
 ## Observability stack
 
-When a data plane cluster is created/assigned in Fleet Manager, the Observability stack is installed as part of the [cluster
-Terraforming process](../implementation.md).
+When a data plane cluster is created the Observability stack is installed as part of the cluster Terraforming process.
 
 The observability stack includes:
-* [Observability Operator](https://github.com/redhat-developer/observability-operator): The Observability Operator deploys & maintains a common platform for Application Services to share and utilize to aid in monitoring & reporting on their service components. It integrates with the Observatorium project for pushing metrics and logs to a central location. See the linked repository on details about what is deployed / configured by the operator
+* [Observability Operator](https://github.com/rhobs/observability-operator): The Observability Operator deploys & maintains a common platform for Application Services to share and utilize to aid in monitoring & reporting on their service components. It integrates with the Observatorium project for pushing metrics and logs to a central location. See the linked repository on details about what is deployed / configured by the operator
 * Configuration to set up the Observability stack through Observability Operator. This
   configuration is done by hosting a set of configuration files in a git remote repository that has to be provided as part of
-  the Fleet Manager configuration. An example of a git remote repository containing the observability stack configuration in a git remote
-  repository for the Managed Kafka service can be found in the [observability-resources-mk](https://github.com/bf2fc6cc711aee1a0c2a/observability-resources-mk) git repository
-
-To provide the parameters to set up the observability stack in fleet manager those are set as
-CLI flags to the kas-fleet-manager code. See the [Observability section in the feature-flags documentation file](../feature-flags.md#Observability)
-for details.
+  the Fleet Manager configuration. ACSCS gitops configuration can be found in the [acscs-manifests](https://github.com/stackrox/acscs-manifests) git repository