From aa6af677116f0e597a9f6404696362c7955e2404 Mon Sep 17 00:00:00 2001 From: Joel Diaz Date: Fri, 14 Jan 2022 12:04:03 -0500 Subject: [PATCH 1/2] cleanup CCO from ibm-cloud-managed CCO is not used in the ibm-cloud-managed profile. Mark all these previously installed resources as needing to be removed in the ibm-cloud-managed profile, and remove the ibm-cloud-managed annotation so they don't get installed again. --- manifests/00-clusterreader_clusterrole.yaml | 1 - manifests/00-crd.yaml | 1 - manifests/00-namespace.yaml | 1 - ...credential-operator_01_prometheusrole.yaml | 1 - ...ial-operator_02_prometheusrolebinding.yaml | 1 - ...credential-operator_03_servicemonitor.yaml | 1 - manifests/01-cluster-role-binding.yaml | 1 - manifests/01-cluster-role.yaml | 1 - manifests/01-role-binding.yaml | 1 - manifests/01-role.yaml | 1 - manifests/01-service.yaml | 1 - manifests/01-trusted-ca-configmap.yaml | 1 - manifests/02-sa.yaml | 1 - manifests/ibm-cloud-cleanup.yaml | 116 ++++++++++++++++++ 14 files changed, 116 insertions(+), 13 deletions(-) create mode 100644 manifests/ibm-cloud-cleanup.yaml diff --git a/manifests/00-clusterreader_clusterrole.yaml b/manifests/00-clusterreader_clusterrole.yaml index 06b589376..138dae4d5 100644 --- a/manifests/00-clusterreader_clusterrole.yaml +++ b/manifests/00-clusterreader_clusterrole.yaml @@ -5,7 +5,6 @@ metadata: labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" rules: - apiGroups: diff --git a/manifests/00-crd.yaml b/manifests/00-crd.yaml index 68afd6100..3d8ce7f83 100644 --- a/manifests/00-crd.yaml +++ b/manifests/00-crd.yaml @@ -2,7 +2,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" name: credentialsrequests.cloudcredential.openshift.io spec: diff --git a/manifests/00-namespace.yaml b/manifests/00-namespace.yaml index 4b7f37a1c..278d34562 100644 --- a/manifests/00-namespace.yaml +++ b/manifests/00-namespace.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Namespace metadata: annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" openshift.io/node-selector: "" workload.openshift.io/allowed: "management" diff --git a/manifests/0000_90_cloud-credential-operator_01_prometheusrole.yaml b/manifests/0000_90_cloud-credential-operator_01_prometheusrole.yaml index bf9391b78..2758577e3 100644 --- a/manifests/0000_90_cloud-credential-operator_01_prometheusrole.yaml +++ b/manifests/0000_90_cloud-credential-operator_01_prometheusrole.yaml @@ -4,7 +4,6 @@ metadata: name: prometheus-k8s namespace: openshift-cloud-credential-operator annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" rules: - apiGroups: diff --git a/manifests/0000_90_cloud-credential-operator_02_prometheusrolebinding.yaml b/manifests/0000_90_cloud-credential-operator_02_prometheusrolebinding.yaml index fc8299211..d391d2835 100644 --- a/manifests/0000_90_cloud-credential-operator_02_prometheusrolebinding.yaml +++ b/manifests/0000_90_cloud-credential-operator_02_prometheusrolebinding.yaml @@ -4,7 +4,6 @@ metadata: name: prometheus-k8s namespace: openshift-cloud-credential-operator annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/0000_90_cloud-credential-operator_03_servicemonitor.yaml b/manifests/0000_90_cloud-credential-operator_03_servicemonitor.yaml index 734f72779..ee14ce7ca 100644 --- a/manifests/0000_90_cloud-credential-operator_03_servicemonitor.yaml +++ b/manifests/0000_90_cloud-credential-operator_03_servicemonitor.yaml @@ -4,7 +4,6 @@ metadata: name: cloud-credential-operator namespace: openshift-cloud-credential-operator annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" spec: endpoints: diff --git a/manifests/01-cluster-role-binding.yaml b/manifests/01-cluster-role-binding.yaml index b65685e55..962a383f6 100644 --- a/manifests/01-cluster-role-binding.yaml +++ b/manifests/01-cluster-role-binding.yaml @@ -4,7 +4,6 @@ metadata: creationTimestamp: null name: cloud-credential-operator-rolebinding annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/01-cluster-role.yaml b/manifests/01-cluster-role.yaml index 7b3e4741f..66935783c 100644 --- a/manifests/01-cluster-role.yaml +++ b/manifests/01-cluster-role.yaml @@ -4,7 +4,6 @@ metadata: creationTimestamp: null name: cloud-credential-operator-role annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" rules: - apiGroups: diff --git a/manifests/01-role-binding.yaml b/manifests/01-role-binding.yaml index 93c4b14b5..9065f74f7 100644 --- a/manifests/01-role-binding.yaml +++ b/manifests/01-role-binding.yaml @@ -4,7 +4,6 @@ metadata: name: cloud-credential-operator namespace: openshift-cloud-credential-operator annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" subjects: - kind: ServiceAccount diff --git a/manifests/01-role.yaml b/manifests/01-role.yaml index 5324610ae..f59dfa358 100644 --- a/manifests/01-role.yaml +++ b/manifests/01-role.yaml @@ -4,7 +4,6 @@ metadata: name: cloud-credential-operator-role namespace: openshift-cloud-credential-operator annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" rules: - apiGroups: diff --git a/manifests/01-service.yaml b/manifests/01-service.yaml index 75a22a0ae..281854775 100644 --- a/manifests/01-service.yaml +++ b/manifests/01-service.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Service metadata: annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" service.alpha.openshift.io/serving-cert-secret-name: cloud-credential-operator-serving-cert name: cco-metrics diff --git a/manifests/01-trusted-ca-configmap.yaml b/manifests/01-trusted-ca-configmap.yaml index 6bf1cb6c6..2df91a6d4 100644 --- a/manifests/01-trusted-ca-configmap.yaml +++ b/manifests/01-trusted-ca-configmap.yaml @@ -6,5 +6,4 @@ metadata: name: cco-trusted-ca namespace: openshift-cloud-credential-operator annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" diff --git a/manifests/02-sa.yaml b/manifests/02-sa.yaml index 45e59b78b..d66cb8c7a 100644 --- a/manifests/02-sa.yaml +++ b/manifests/02-sa.yaml @@ -4,5 +4,4 @@ metadata: name: cloud-credential-operator namespace: openshift-cloud-credential-operator annotations: - include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" diff --git a/manifests/ibm-cloud-cleanup.yaml b/manifests/ibm-cloud-cleanup.yaml new file mode 100644 index 000000000..8dbc7b4d1 --- /dev/null +++ b/manifests/ibm-cloud-cleanup.yaml @@ -0,0 +1,116 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:openshift:cloud-credential-operator:cluster-reader + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" + name: credentialsrequests.cloudcredential.openshift.io +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" + name: openshift-cloud-credential-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: prometheus-k8s + namespace: openshift-cloud-credential-operator + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: prometheus-k8s + namespace: openshift-cloud-credential-operator + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: cloud-credential-operator + namespace: openshift-cloud-credential-operator + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +kind: ClusterRoleBinding +metadata: + name: cloud-credential-operator-rolebinding + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cloud-credential-operator-role + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: operator.openshift.io/v1 +kind: CloudCredential +metadata: + name: cluster + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/delete: "true" +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cloud-credential-operator + namespace: openshift-cloud-credential-operator + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cloud-credential-operator-role + namespace: openshift-cloud-credential-operator + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cco-trusted-ca + namespace: openshift-cloud-credential-operator + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-credential-operator + namespace: openshift-cloud-credential-operator + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" From 3535d0b54028f5d3edb0fc0dd7a06f913b92d271 Mon Sep 17 00:00:00 2001 From: Joel Diaz Date: Mon, 17 Jan 2022 15:48:19 -0500 Subject: [PATCH 2/2] fix Service with missing name/namespace The single Service should have been the one with name 'cco-metrics', but there is also an old Serivce that is no longer used by the name of 'controller-manager-service'. Add an entry for that Service so that it too gets cleaned up. --- manifests/ibm-cloud-cleanup.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/manifests/ibm-cloud-cleanup.yaml b/manifests/ibm-cloud-cleanup.yaml index 8dbc7b4d1..a10081002 100644 --- a/manifests/ibm-cloud-cleanup.yaml +++ b/manifests/ibm-cloud-cleanup.yaml @@ -93,6 +93,17 @@ metadata: apiVersion: v1 kind: Service metadata: + name: controller-manager-service + namespace: openshift-cloud-credential-operator + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + release.openshift.io/delete: "true" +--- +apiVersion: v1 +kind: Service +metadata: + name: cco-metrics + namespace: openshift-cloud-credential-operator annotations: include.release.openshift.io/ibm-cloud-managed: "true" release.openshift.io/delete: "true"