Merge pull request #1708 from stuggi/rbac_proxy_cleanup

Remove KubeRbacProxy references

Author: openshift-merge-bot[bot]

Makefile

@@ -157,7 +157,6 @@ bindata: kustomize yq ## Call sync bindata script
 	sed -i bindata/operator/operator.yaml -e "/envCustom/c\\{{- range .OpenStackOperator.Deployment.Manager.Env }}\n        - name: '{{ .Name }}'\n          value: '{{ .Value }}'\n{{- end }}"
 	sed -i bindata/operator/operator.yaml -e "/customLimits/c\\            cpu: {{ .OpenStackOperator.Deployment.Manager.Resources.Limits.CPU }}\n            memory: {{ .OpenStackOperator.Deployment.Manager.Resources.Limits.Memory }}"
 	sed -i bindata/operator/operator.yaml -e "/customRequests/c\\            cpu: {{ .OpenStackOperator.Deployment.Manager.Resources.Requests.CPU }}\n            memory: {{ .OpenStackOperator.Deployment.Manager.Resources.Requests.Memory }}"
-	sed -i bindata/operator/operator.yaml -e "s|kube-rbac-proxy:replace_me.*|'{{ .OpenStackOperator.Deployment.KubeRbacProxy.Image }}'|"
 	sed -i bindata/operator/operator.yaml -e "/customTolerations/c\\      tolerations:\n{{- range .OpenStackOperator.Deployment.Tolerations }}\n      - key: \"{{ .Key }}\"\n{{- if .Operator }}\n        operator: \"{{ .Operator }}\"\n{{- end }}\n{{- if .Value }}\n        value: \"{{ .Value }}\"\n{{- end }}\n{{- if .Effect }}\n        effect: \"{{ .Effect }}\"\n{{- end }}\n{{- if .TolerationSeconds }}\n        tolerationSeconds: {{ .TolerationSeconds }}\n{{- end }}\n{{- end }}"
 	cp config/operator/managers.yaml bindata/operator/
 	cp config/operator/rabbit.yaml bindata/operator/

api/operator/v1beta1/openstack_types.go

@@ -64,14 +64,6 @@ var (
 	DefaultManagerMemoryLimit resource.Quantity = resource.MustParse("512Mi")
 	// DefaultManagerMemoryRequests - Default controller manager container memory requests
 	DefaultManagerMemoryRequests resource.Quantity = resource.MustParse("256Mi")
-	// DefaultRbacProxyCPULimit - Default kube rbac proxy container CPU limit
-	DefaultRbacProxyCPULimit resource.Quantity = resource.MustParse("500m")
-	// DefaultRbacProxyCPURequests - Default kube rbac proxy container CPU requests
-	DefaultRbacProxyCPURequests resource.Quantity = resource.MustParse("5m")
-	// DefaultRbacProxyMemoryLimit - Default kube rbac proxy container memory limit
-	DefaultRbacProxyMemoryLimit resource.Quantity = resource.MustParse("128Mi")
-	// DefaultRbacProxyMemoryRequests - Default kube rbac proxy container memory requests
-	DefaultRbacProxyMemoryRequests resource.Quantity = resource.MustParse("64Mi")
 
 	// DefaultTolerations - Default tolerations for all operators
 	DefaultTolerations = []corev1.Toleration{

bindata/operator/managers.yaml

@@ -77,28 +77,6 @@ spec:
         - mountPath: /tmp/k8s-metrics-server/metrics-certs
           name: metrics-certs
           readOnly: true
-{{- end }}
-{{- if isEnvVarFalse .Deployment.Manager.Env "METRICS_CERTS" }}
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=0
-        image: {{ .Deployment.KubeRbacProxy.Image }}
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
-        resources:
-          limits:
-            cpu: {{ .Deployment.KubeRbacProxy.Resources.Limits.CPU }}
-            memory: {{ .Deployment.KubeRbacProxy.Resources.Limits.Memory }}
-          requests:
-            cpu: {{ .Deployment.KubeRbacProxy.Resources.Requests.CPU }}
-            memory: {{ .Deployment.KubeRbacProxy.Resources.Requests.Memory }}
-        securityContext:
-          allowPrivilegeEscalation: false
 {{- end }}
       securityContext:
         runAsNonRoot: true

config/operator/default_images.yaml

@@ -200,8 +200,3 @@ spec:
           value: quay.io/podified-antelope-centos9/openstack-horizontest:current-podified
         - name: RELATED_IMAGE_OPENSTACK_MUST_GATHER_DEFAULT
           value: quay.io/openstack-k8s-operators/openstack-must-gather:latest
-          # will already be part of relatedImages as it is also directly set in the deployment in the
-          # bundle CSV. We also need an environment variable here to propagate this to the
-          # controller-manager and to other operators that require the same image to be set
-        - name: KUBE_RBAC_PROXY
-          value: quay.io/openstack-k8s-operators/kube-rbac-proxy:v0.16.0

config/operator/managers.yaml

@@ -77,28 +77,6 @@ spec:
         - mountPath: /tmp/k8s-metrics-server/metrics-certs
           name: metrics-certs
           readOnly: true
-{{- end }}
-{{- if isEnvVarFalse .Deployment.Manager.Env "METRICS_CERTS" }}
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=0
-        image: {{ .Deployment.KubeRbacProxy.Image }}
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
-        resources:
-          limits:
-            cpu: {{ .Deployment.KubeRbacProxy.Resources.Limits.CPU }}
-            memory: {{ .Deployment.KubeRbacProxy.Resources.Limits.Memory }}
-          requests:
-            cpu: {{ .Deployment.KubeRbacProxy.Resources.Requests.CPU }}
-            memory: {{ .Deployment.KubeRbacProxy.Resources.Requests.Memory }}
-        securityContext:
-          allowPrivilegeEscalation: false
 {{- end }}
       securityContext:
         runAsNonRoot: true

internal/controller/operator/openstack_controller.go

@@ -69,7 +69,6 @@ var (
 	envRelatedOperatorImages         (map[string]*string) // operatorName -> image
 	envRelatedOpenStackServiceImages (map[string]*string) // full_related_image_name -> image
 	operatorImage                    string
-	kubeRbacProxyImage               string
 	openstackReleaseVersion          string
 	leaseDuration                    string
 	renewDeadline                    string
@@ -92,8 +91,6 @@ func SetupEnv() {
 			log.Log.Info("Found operator related image", "operator", operatorName, "image", envArr[1])
 		} else if strings.HasPrefix(envArr[0], "RELATED_IMAGE_") {
 			envRelatedOpenStackServiceImages[envArr[0]] = &envArr[1]
-		} else if envArr[0] == "KUBE_RBAC_PROXY" {
-			kubeRbacProxyImage = envArr[1]
 		} else if envArr[0] == "OPERATOR_IMAGE_URL" {
 			operatorImage = envArr[1]
 			envRelatedOperatorImages[operatorv1beta1.OpenStackOperatorName] = &operatorImage
@@ -495,19 +492,6 @@ func (r *OpenStackReconciler) applyRBAC(ctx context.Context, instance *operatorv
 }
 
 func (r *OpenStackReconciler) applyOperator(ctx context.Context, instance *operatorv1beta1.OpenStack) error {
-	kubeRbacProxyContainer := operator.Container{
-		Image: kubeRbacProxyImage,
-		Resources: operator.Resource{
-			Limits: &operator.ResourceList{
-				CPU:    operatorv1beta1.DefaultRbacProxyCPULimit.String(),
-				Memory: operatorv1beta1.DefaultRbacProxyMemoryLimit.String(),
-			},
-			Requests: &operator.ResourceList{
-				CPU:    operatorv1beta1.DefaultRbacProxyCPURequests.String(),
-				Memory: operatorv1beta1.DefaultRbacProxyMemoryRequests.String(),
-			},
-		},
-	}
 	defaultEnv := []corev1.EnvVar{
 		{
 			Name:  "LEASE_DURATION",
@@ -566,8 +550,7 @@ func (r *OpenStackReconciler) applyOperator(ctx context.Context, instance *opera
 							},
 						},
 					},
-					KubeRbacProxy: kubeRbacProxyContainer,
-					Tolerations:   operatorv1beta1.DefaultTolerations,
+					Tolerations: operatorv1beta1.DefaultTolerations,
 				},
 			}
 

internal/operator/override.go

@@ -36,10 +36,9 @@ type Operator struct {
 
 // Deployment -
 type Deployment struct {
-	Replicas      *int32
-	Manager       Container
-	KubeRbacProxy Container
-	Tolerations   []corev1.Toleration
+	Replicas    *int32
+	Manager     Container
+	Tolerations []corev1.Toleration
 }
 
 // Container -