diff --git a/config/bases/minikube-aws/kustomization.yaml b/config/bases/minikube-aws/kustomization.yaml
index 4c68e420e..ae16572dc 100644
--- a/config/bases/minikube-aws/kustomization.yaml
+++ b/config/bases/minikube-aws/kustomization.yaml
@@ -3,9 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 resources: - ../../default - - ../../oauth/ingress patches: - path: operator-aws-patch.yaml - - path: oauth-aws-patch.yaml - path: shared-config-patch.yaml
diff --git a/config/bases/minikube-aws/oauth-aws-patch.yaml b/config/bases/minikube-aws/oauth-aws-patch.yaml
deleted file mode 100644
index ca343afaf..000000000
--- a/config/bases/minikube-aws/oauth-aws-patch.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: spi-oauth-service
- namespace: spi-system
-spec:
- template:
- spec:
- containers:
- - name: oauth
- volumeMounts:
- - mountPath: /etc/spi/aws/config
- name: aws-secretsmanager-credentials
- readOnly: true
- subPath: config
- - mountPath: /etc/spi/aws/credentials
- name: aws-secretsmanager-credentials
- readOnly: true
- subPath: credentials
- volumes:
- - name: aws-secretsmanager-credentials
- secret:
- secretName: aws-secretsmanager-credentials
- items:
- - key: config
- path: config
- - key: credentials
- path: credentials
diff --git a/config/bases/minikube-vault/kustomization.yaml b/config/bases/minikube-vault/kustomization.yaml
index 3ddb387dd..b49db786d 100644
--- a/config/bases/minikube-vault/kustomization.yaml
+++ b/config/bases/minikube-vault/kustomization.yaml
@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 resources: - ../../default - - ../../oauth/ingress patches: - path: shared-config-patch.yaml
diff --git a/config/bases/openshift-aws/kustomization.yaml b/config/bases/openshift-aws/kustomization.yaml
index cfd0119a8..ae16572dc 100644
--- a/config/bases/openshift-aws/kustomization.yaml
+++ b/config/bases/openshift-aws/kustomization.yaml
@@ -3,10 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 resources: - ../../default - - ../../oauth/route patches: - - path: oauth-openshift-patch.yaml - path: operator-aws-patch.yaml - - path: oauth-aws-patch.yaml - path: shared-config-patch.yaml
diff --git a/config/bases/openshift-aws/oauth-aws-patch.yaml b/config/bases/openshift-aws/oauth-aws-patch.yaml
deleted file mode 100644
index ca343afaf..000000000
--- a/config/bases/openshift-aws/oauth-aws-patch.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: spi-oauth-service
- namespace: spi-system
-spec:
- template:
- spec:
- containers:
- - name: oauth
- volumeMounts:
- - mountPath: /etc/spi/aws/config
- name: aws-secretsmanager-credentials
- readOnly: true
- subPath: config
- - mountPath: /etc/spi/aws/credentials
- name: aws-secretsmanager-credentials
- readOnly: true
- subPath: credentials
- volumes:
- - name: aws-secretsmanager-credentials
- secret:
- secretName: aws-secretsmanager-credentials
- items:
- - key: config
- path: config
- - key: credentials
- path: credentials
diff --git a/config/bases/openshift-aws/oauth-openshift-patch.yaml b/config/bases/openshift-aws/oauth-openshift-patch.yaml
deleted file mode 100644
index db9697c58..000000000
--- a/config/bases/openshift-aws/oauth-openshift-patch.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: spi-oauth-service
- namespace: spi-system
-spec:
- template:
- spec:
- containers:
- - command:
- name: oauth
- livenessProbe:
- httpGet:
- scheme: HTTPS
- readinessProbe:
- httpGet:
- scheme: HTTPS
- volumeMounts:
- - mountPath: /etc/spi/tls.key
- name: tls-certificates
- readOnly: true
- subPath: tls.key
- - mountPath: /etc/spi/tls.crt
- name: tls-certificates
- readOnly: true
- subPath: tls.crt
- volumes:
- - name: tls-certificates
- secret:
- secretName: spi-oauth-service
- items:
- - key: tls.key
- path: tls.key
- - key: tls.crt
- path: tls.crt
diff --git a/config/bases/openshift-vault/kustomization.yaml b/config/bases/openshift-vault/kustomization.yaml
index 1237c0dfe..b49db786d 100644
--- a/config/bases/openshift-vault/kustomization.yaml
+++ b/config/bases/openshift-vault/kustomization.yaml
@@ -3,8 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 resources: - ../../default - - ../../oauth/route patches: - path: shared-config-patch.yaml - - path: oauth-openshift-patch.yaml
diff --git a/config/bases/openshift-vault/oauth-openshift-patch.yaml b/config/bases/openshift-vault/oauth-openshift-patch.yaml
deleted file mode 100644
index db9697c58..000000000
--- a/config/bases/openshift-vault/oauth-openshift-patch.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: spi-oauth-service
- namespace: spi-system
-spec:
- template:
- spec:
- containers:
- - command:
- name: oauth
- livenessProbe:
- httpGet:
- scheme: HTTPS
- readinessProbe:
- httpGet:
- scheme: HTTPS
- volumeMounts:
- - mountPath: /etc/spi/tls.key
- name: tls-certificates
- readOnly: true
- subPath: tls.key
- - mountPath: /etc/spi/tls.crt
- name: tls-certificates
- readOnly: true
- subPath: tls.crt
- volumes:
- - name: tls-certificates
- secret:
- secretName: spi-oauth-service
- items:
- - key: tls.key
- path: tls.key
- - key: tls.crt
- path: tls.crt
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index 33009a43f..91f9a5a0f 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -12,9 +12,6 @@ images: - name: quay.io/redhat-appstudio/service-provider-integration-operator newName: quay.io/redhat-appstudio/service-provider-integration-operator newTag: next -- name: quay.io/redhat-appstudio/service-provider-integration-oauth - newName: quay.io/redhat-appstudio/service-provider-integration-oauth - newTag: next # Labels to add to all resources and selectors. commonLabels:
@@ -27,7 +24,6 @@ resources: - ../rbac # Additional stuff deployed by the default overlay - shared-environment-config.yaml -- ../oauth - ../manager patches:
@@ -38,10 +34,3 @@ patches: group: apps version: v1 kind: Deployment - - path: inject-config-patch.yaml - target: - name: oauth-service - namespace: system - group: apps - version: v1 - kind: Deployment
diff --git a/config/oauth/auth_proxy_service.yaml b/config/oauth/auth_proxy_service.yaml
deleted file mode 100644
index 781b1dce6..000000000
--- a/config/oauth/auth_proxy_service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- control-plane: controller-manager
- name: oauth-metrics-service
- namespace: system
-spec:
- ports:
- - name: metrics
- port: 8443
- protocol: TCP
- targetPort: https
- selector:
- control-plane: controller-manager
- app.kubernetes.io/name: service-provider-integration-oauth
diff --git a/config/oauth/cluster-role-binding.yaml b/config/oauth/cluster-role-binding.yaml
deleted file mode 100644
index a5cc6bba4..000000000
--- a/config/oauth/cluster-role-binding.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: oauth-clusterrolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: oauth-clusterrole
-subjects:
- - kind: ServiceAccount
- name: oauth-sa
diff --git a/config/oauth/cluster-role.yaml b/config/oauth/cluster-role.yaml
deleted file mode 100644
index 5c6dd0e74..000000000
--- a/config/oauth/cluster-role.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: oauth-clusterrole
-rules:
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - create
- - update
- - get
- - list
-- apiGroups:
- - appstudio.redhat.com
- resources:
- - spiaccesstokens
- verbs:
- - get
- - update
-- apiGroups:
- - appstudio.redhat.com
- resources:
- - spiaccesstokendataupdates
- verbs:
- - create
diff --git a/config/oauth/deployment.yaml b/config/oauth/deployment.yaml
deleted file mode 100644
index 0a3fb3127..000000000
--- a/config/oauth/deployment.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: oauth-service
- namespace: system
-spec:
- selector:
- matchLabels:
- control-plane: controller-manager
- app.kubernetes.io/name: service-provider-integration-oauth
- replicas: 1
- template:
- metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: service-provider-integration-oauth
- spec:
- securityContext:
- runAsNonRoot: true
- containers:
- - command:
- - /spi-oauth
- env: []
- envFrom:
- - configMapRef:
- name: oauth-service-environment-config
- image: quay.io/redhat-appstudio/service-provider-integration-oauth:latest
- name: oauth
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
- capabilities:
- drop:
- - ALL
- livenessProbe:
- httpGet:
- path: /health
- port: 8000
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /ready
- port: 8000
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: 200m
- memory: 150Mi
- requests:
- cpu: 100m
- memory: 50Mi
- volumeMounts:
- - mountPath: /etc/spi/config.yaml
- name: config-file
- readOnly: true
- subPath: config.yaml
- - name: kube-rbac-proxy
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
- args:
- - "--secure-listen-address=0.0.0.0:8443"
- - "--upstream=http://127.0.0.1:8080/"
- - "--logtostderr=true"
- - "--v=10"
- - "--http2-disable=true"
- ports:
- - containerPort: 8443
- protocol: TCP
- name: https
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
- capabilities:
- drop:
- - ALL
- resources:
- limits:
- cpu: 50m
- memory: 50Mi
- requests:
- cpu: 20m
- memory: 10Mi
- serviceAccountName: oauth-sa
- terminationGracePeriodSeconds: 10
- volumes:
- - name: config-file
- secret:
- secretName: shared-configuration-file
- items:
- - key: config.yaml
- path: config.yaml
diff --git a/config/oauth/ingress/ingress.yaml b/config/oauth/ingress/ingress.yaml
deleted file mode 100644
index 46ed61023..000000000
--- a/config/oauth/ingress/ingress.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-kind: Ingress
-apiVersion: networking.k8s.io/v1
-metadata:
- name: oauth-ingress
-spec:
- rules:
- - host: ${OAUTH_HOST}
- http:
- paths:
- - backend:
- service:
- name: oauth-service
- port:
- number: 8000
- path: "/"
- pathType: ImplementationSpecific
diff --git a/config/oauth/ingress/kustomization.yaml b/config/oauth/ingress/kustomization.yaml
deleted file mode 100644
index fb80823d9..000000000
--- a/config/oauth/ingress/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
- - ingress.yaml
diff --git a/config/oauth/kustomization.yaml b/config/oauth/kustomization.yaml
deleted file mode 100644
index 092ce7d5b..000000000
--- a/config/oauth/kustomization.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-kind: Kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-
-generatorOptions:
- disableNameSuffixHash: true
-
-commonLabels:
- app.kubernetes.io/name: service-provider-integration-oauth
-
-resources:
-- service-account.yaml
-- service.yaml
-- cluster-role.yaml
-- cluster-role-binding.yaml
-- oauth-service-environment-config.yaml
-- auth_proxy_service.yaml
-- deployment.yaml
diff --git a/config/oauth/oauth-service-environment-config.yaml b/config/oauth/oauth-service-environment-config.yaml
deleted file mode 100644
index 98f17572f..000000000
--- a/config/oauth/oauth-service-environment-config.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: oauth-service-environment-config
-data:
- VAULTKUBERNETESROLE: spi-oauth
- VAULTAPPROLESECRETNAME: vault-approle-spi-oauth
- VAULTAPPROLESECRETNAMESPACE: spi-system
diff --git a/config/oauth/route/cabundle.yaml b/config/oauth/route/cabundle.yaml
deleted file mode 100644
index e25825c55..000000000
--- a/config/oauth/route/cabundle.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cabundle
- annotations:
- "service.beta.openshift.io/inject-cabundle": "true"
diff --git a/config/oauth/route/kustomization.yaml b/config/oauth/route/kustomization.yaml
deleted file mode 100644
index c322e2b95..000000000
--- a/config/oauth/route/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-kind: Kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-
-resources:
- - route.yaml
- - cabundle.yaml
diff --git a/config/oauth/route/route.yaml b/config/oauth/route/route.yaml
deleted file mode 100644
index 2d69670f9..000000000
--- a/config/oauth/route/route.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- labels:
- app.kubernetes.io/part-of: service-provider-integration-operator
- name: spi-oauth
-spec:
- port:
- targetPort: 8000
- to:
- kind: Service
- # NOTE: Kustomize doesn't seem to know about routes, so we have to use the "rendered" name here, not just the name
- # used in the kustomization, because kustomize would not replace it...
- name: spi-oauth-service
- tls:
- termination: reencrypt
- insecureEdgeTerminationPolicy: Redirect
diff --git a/config/oauth/service-account.yaml b/config/oauth/service-account.yaml
deleted file mode 100644
index e1a541924..000000000
--- a/config/oauth/service-account.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-kind: ServiceAccount
-apiVersion: v1
-metadata:
- name: oauth-sa
diff --git a/config/oauth/service.yaml b/config/oauth/service.yaml
deleted file mode 100644
index bb6df4c92..000000000
--- a/config/oauth/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: oauth-service
- annotations:
- service.beta.openshift.io/serving-cert-secret-name: spi-oauth-service
-spec:
- ports:
- - port: 8000
- name: oauth-port
- protocol: TCP
- targetPort: 8000
- selector:
- control-plane: controller-manager
- app.kubernetes.io/name: service-provider-integration-oauth