From 90ab74dc64b8c8371674f59f85d5140abe2b0545 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=8B/Thor=28sten=29=3F/=20Schwesig?= <89909507+schwesig@users.noreply.github.com> Date: Fri, 26 Jan 2024 12:41:44 -0500 Subject: [PATCH] Add clusterroles rbac to obs cluster and clean-up MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - affects obs-cluster - add clusterroles rbac - streamline: remove redundant github-client-secret.yaml (follow OCP-on-NERC#316) - adjust kustomization.yaml to that - cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed (yet) -adjust rook-ceph-external-cluster to fit to match changes in OCP-on-NERC#348 fixes nerc-project/operations#308 Signed-off-by: ​/Thor(sten)?/ Schwesig <89909507+schwesig@users.noreply.github.com> --- .../externalsecrets/github-client-secret.yaml | 19 ------------------- .../rook-ceph-external-cluster-details.yaml | 16 ---------------- .../overlays/nerc-ocp-obs/kustomization.yaml | 9 ++------- 3 files changed, 2 insertions(+), 42 deletions(-) delete mode 100644 cluster-scope/overlays/nerc-ocp-obs/externalsecrets/github-client-secret.yaml delete mode 100644 cluster-scope/overlays/nerc-ocp-obs/externalsecrets/rook-ceph-external-cluster-details.yaml diff --git a/cluster-scope/overlays/nerc-ocp-obs/externalsecrets/github-client-secret.yaml b/cluster-scope/overlays/nerc-ocp-obs/externalsecrets/github-client-secret.yaml deleted file mode 100644 index 194b925c..00000000 --- a/cluster-scope/overlays/nerc-ocp-obs/externalsecrets/github-client-secret.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: github-client-secret
- namespace: openshift-config
-spec:
- secretStoreRef:
- name: nerc-cluster-secrets
- kind: ClusterSecretStore
- target:
- name: github-client-secret
- template:
- metadata:
- labels: {}
- data:
- - secretKey: clientSecret
- remoteRef:
- key: nerc/nerc-ocp-obs/openshift-config/github-client-secret
- property: clientSecret
diff --git a/cluster-scope/overlays/nerc-ocp-obs/externalsecrets/rook-ceph-external-cluster-details.yaml b/cluster-scope/overlays/nerc-ocp-obs/externalsecrets/rook-ceph-external-cluster-details.yaml
deleted file mode 100644
index d222e60f..00000000
--- a/cluster-scope/overlays/nerc-ocp-obs/externalsecrets/rook-ceph-external-cluster-details.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: rook-ceph-external-cluster-details
- namespace: openshift-storage
-spec:
- secretStoreRef:
- name: nerc-cluster-secrets
- kind: ClusterSecretStore
- target:
- name: rook-ceph-external-cluster-details
- data:
- - secretKey: external_cluster_details
- remoteRef:
- key: nerc/nerc-ocp-obs/openshift-storage/rook-ceph-external-cluster-details
- property: external_cluster_details
diff --git a/cluster-scope/overlays/nerc-ocp-obs/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-obs/kustomization.yaml
index eb615bca..a3d0d8ab 100644
--- a/cluster-scope/overlays/nerc-ocp-obs/kustomization.yaml
+++ b/cluster-scope/overlays/nerc-ocp-obs/kustomization.yaml
@@ -7,7 +7,9 @@ resources:
 - ../common
 - ../../bundles/node-feature-discovery
 - ../../base/core/namespaces/openshift-gitops
+- ../../base/rbac.authorization.k8s.io/clusterroles/allow-edit-rbac
 - clusterversion.yaml
+- externalsecrets
 - secretstores
 - logs-storage
 - logsarchive-storage
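Review bot: The added `- ../../base/rbac.authorization.k8s.io/clusterroles/allow-edit-rbac` entry under `resources:` pulls in a ClusterRole whose rules and bindings are not visible in this patch; a role that lets its subjects edit RBAC objects becomes a privilege-escalation path if it carries `escalate`, `bind` or wildcard verbs. I would put a comment above the entry that names the intended subject and scope, e.g. `# allow-edit-rbac: bound to <GROUP> via <BINDING>; must not grant escalate/bind`, and confirm in the base that the verbs and resources are enumerated rather than `*`. Separately, `- externalsecrets` is added here while two files under that directory are deleted in the same commit and the directory's own kustomization.yaml is not among the three changed files, so check that it no longer lists `github-client-secret.yaml` or `rook-ceph-external-cluster-details.yaml`, otherwise the overlay build will presumably fail. The `resources:` list begins above this hunk.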
@@ -56,13 +58,6 @@ patches:
 - ocp-on-nerc/nerc-ops
 - ocp-on-nerc/nerc-logs-metrics
 - ocp-on-nerc/nerc-obs-admins
-- target:
- kind: ExternalSecret
- name: oauths-clientsecret-nerc
- patch: |
- - op: replace
- path: /spec/data/0/remoteRef/key
- value: nerc/nerc-ocp-obs/openshift-config/oauths-clientsecret-nerc
 - target:
 kind: ExternalSecret
 name: aws-route53-credentials