Fix tests, remove more egress-proxy refs

stackrox · Jun 17, 2024 · 747f97f · 747f97f
1 parent 8f29f51
commit 747f97f
Show file tree

Hide file tree

Showing 12 changed files with 22 additions and 368 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -268,7 +268,7 @@
         "filename": "e2e/e2e_test.go",
         "hashed_secret": "7f38822bc2b03e97325ff310099f457f6f788daf",
         "is_verified": false,
-        "line_number": 302
+        "line_number": 295
       }
     ],
     "fleetshard/pkg/central/cloudprovider/dbclient_moq.go": [
@@ -473,5 +473,5 @@
       }
     ]
   },
-  "generated_at": "2024-06-03T19:24:37Z"
+  "generated_at": "2024-06-17T20:09:11Z"
 }
diff --git a/dev/config/gitops-config.yaml b/dev/config/gitops-config.yaml
@@ -19,15 +19,6 @@ tenantResources:
       rhacs.redhat.com/org-name: "{{ .OrganizationName }}"
     secureTenantNetwork: false
     centralRdsCidrBlock: "10.1.0.0/16"
-    egressProxy:
-      image: "registry.redhat.io/openshift4/ose-egress-http-proxy:v4.14"
-      replicas: 2
-      resources:
-        requests:
-          cpu: 100m
-          memory: 275Mi
-        limits:
-          memory: 275Mi
     verticalPodAutoscalers:
       central:
         enabled: true

diff --git a/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml b/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml
@@ -53,8 +53,6 @@ spec:
           value: {{ .Values.fleetshardSync.authType }}
         - name: STATIC_TOKEN
           value: {{ .Values.fleetshardSync.staticToken }}
-        - name: EGRESS_PROXY_IMAGE
-          value: {{ .Values.fleetshardSync.egressProxy.image | quote }}
         - name: SECURE_TENANT_NETWORK
           value: {{ .Values.fleetshardSync.secureTenantNetwork | quote }}
         {{- if eq "RHSSO" .Values.fleetshardSync.authType }}

diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml
@@ -25,8 +25,6 @@ fleetshardSync:
   redHatSSO:
     endpoint: "https://sso.redhat.com"
     realm: "redhat-external"
-  egressProxy:
-    image: "registry.redhat.io/openshift4/ose-egress-http-proxy:v4.14"
   secureTenantNetwork: false
   auditLogs:
     enabled: true

diff --git a/e2e/e2e_canary_upgrade_test.go b/e2e/e2e_canary_upgrade_test.go
@@ -208,61 +208,6 @@ var _ = Describe("Fleetshard-sync Targeted Upgrade", Ordered, func() {
 				Should(Succeed())
 		})
 
-		It("changes tenant resources", func() {
-			egressProxy, err := getDeployment(ctx, centralNamespace, "egress-proxy")
-			Expect(err).ToNot(HaveOccurred())
-			Expect(egressProxy.Spec.Template.Spec.Containers).To(HaveLen(1))
-			Expect(egressProxy.Spec.Template.Spec.Containers[0].Resources.Requests.Cpu().String()).To(Equal("100m"))
-			Expect(egressProxy.Spec.Template.Spec.Containers[0].Resources.Requests.Memory().String()).To(Equal("275Mi"))
-			Expect(egressProxy.Spec.Template.Spec.Containers[0].Resources.Limits.Memory().String()).To(Equal("275Mi"))
-			Expect(updateGitopsConfig(ctx, func(config gitops.Config) gitops.Config {
-				tenantResources := config.TenantResources
-				tenantResources.Default = `
-labels:
-  app.kubernetes.io/managed-by: "rhacs-fleetshard"
-  app.kubernetes.io/instance: "{{ .Name }}"
-  rhacs.redhat.com/org-id: "{{ .OrganizationID }}"
-  rhacs.redhat.com/tenant: "{{ .ID }}"
-  rhacs.redhat.com/instance-type: "{{ .InstanceType }}"
-annotations:
-  rhacs.redhat.com/org-name: "{{ .OrganizationName }}"
-secureTenantNetwork: false
-centralRdsCidrBlock: "10.1.0.0/16"
-egressProxy:
-  image: "registry.redhat.io/openshift4/ose-egress-http-proxy:v4.14"
-  replicas: 2
-  resources:
-    requests:
-      cpu: 100m
-      memory: 200Mi
-    limits:
-      memory: 200Mi
-`
-				config.TenantResources = tenantResources
-				return config
-			})).To(Succeed())
-			debugGitopsConfig(ctx)
-			Eventually(func() error {
-				egressProxy, err := getDeployment(ctx, centralNamespace, "egress-proxy")
-				if err != nil {
-					return err
-				}
-				if egressProxy.Spec.Template.Spec.Containers[0].Resources.Requests.Memory().String() != "200Mi" {
-					return fmt.Errorf("egress proxy memory request not updated")
-				}
-				if egressProxy.Spec.Template.Spec.Containers[0].Resources.Limits.Memory().String() != "200Mi" {
-					return fmt.Errorf("egress proxy memory limit not updated")
-				}
-				if egressProxy.Spec.Template.Spec.Containers[0].Resources.Requests.Cpu().String() != "100m" {
-					return fmt.Errorf("egress proxy cpu request not updated")
-				}
-				return nil
-			}).
-				WithTimeout(waitTimeout).
-				WithPolling(defaultPolling).
-				Should(Succeed())
-		})
-
 		It("deploys an autoscaler", func() {
 			_, err := getVPA(ctx, centralNamespace, "central-vpa")
 			Expect(err).To(HaveOccurred())
@@ -640,16 +585,7 @@ labels:
 annotations:
   rhacs.redhat.com/org-name: "{{ .OrganizationName }}"
 secureTenantNetwork: false
-centralRdsCidrBlock: "10.1.0.0/16"
-egressProxy:
-  image: "registry.redhat.io/openshift4/ose-egress-http-proxy:v4.14"
-  replicas: 2
-  resources:
-    requests:
-      cpu: 100m
-      memory: 275Mi
-    limits:
-      memory: 275Mi`
+centralRdsCidrBlock: "10.1.0.0/16"`
 }
 
 func tenantResourcesWithCentralVpaEnabled() string {
@@ -664,15 +600,6 @@ annotations:
   rhacs.redhat.com/org-name: "{{ .OrganizationName }}"
 secureTenantNetwork: false
 centralRdsCidrBlock: "10.1.0.0/16"
-egressProxy:
-  image: "registry.redhat.io/openshift4/ose-egress-http-proxy:v4.14"
-  replicas: 2
-  resources:
-    requests:
-      cpu: 100m
-      memory: 275Mi
-    limits:
-      memory: 275Mi
 verticalPodAutoscalers:
   central:
     enabled: true

diff --git a/e2e/e2e_test.go b/e2e/e2e_test.go
@@ -228,13 +228,6 @@ var _ = Describe("Central", Ordered, func() {
 			}
 		})
 
-		It("should spin up an egress proxy with two healthy replicas", func() {
-			Eventually(assertDeploymentHealthyReplicas(ctx, namespaceName, "egress-proxy", 2)).
-				WithTimeout(waitTimeout).
-				WithPolling(defaultPolling).
-				Should(Succeed())
-		})
-
 		It("should backup important secrets in FM database", func() {
 			expectedSecrets := k8s.NewSecretBackup(k8sClient, false).GetWatchedSecrets()
 			Eventually(assertStoredSecrets(ctx, privateAPI, centralRequestID, expectedSecrets)).
@@ -353,13 +346,6 @@ var _ = Describe("Central", Ordered, func() {
 				Should(Succeed())
 		})
 
-		It("should delete the egress proxy", func() {
-			Eventually(assertDeploymentDeleted(ctx, namespaceName, "egress-proxy")).
-				WithTimeout(waitTimeout).
-				WithPolling(defaultPolling).
-				Should(Succeed())
-		})
-
 		It("should remove central namespace", func() {
 			Eventually(assertNamespaceDeleted(ctx, namespaceName)).
 				WithTimeout(waitTimeout).

diff --git a/fleetshard/config/config.go b/fleetshard/config/config.go
@@ -35,7 +35,6 @@ type Config struct {
 	ServiceAccountTokenFile string        `env:"FLEET_MANAGER_TOKEN_FILE"`
 	CreateAuthProvider      bool          `env:"CREATE_AUTH_PROVIDER" envDefault:"false"`
 	MetricsAddress          string        `env:"FLEETSHARD_METRICS_ADDRESS" envDefault:":8080"`
-	EgressProxyImage        string        `env:"EGRESS_PROXY_IMAGE"`
 	DefaultBaseCRDURL       string        `env:"DEFAULT_BASE_CRD_URL" envDefault:"https://raw.githubusercontent.com/stackrox/stackrox/%s/operator/bundle/manifests/"`
 	// TenantImagePullSecret can be used to inject a Kubernetes image pull secret into tenant namespaces.
 	// If it is empty, nothing is injected (for example, it is not required when running on OpenShift).

diff --git a/fleetshard/pkg/central/reconciler/reconciler.go b/fleetshard/pkg/central/reconciler/reconciler.go
@@ -107,7 +107,6 @@ type areSecretsStoredFunc func(secretsStored []string) bool
 type CentralReconcilerOptions struct {
 	UseRoutes             bool
 	WantsAuthProvider     bool
-	EgressProxyImage      string
 	ManagedDBEnabled      bool
 	Telemetry             config.Telemetry
 	ClusterName           string
@@ -132,7 +131,6 @@ type CentralReconciler struct {
 	routeService           *k8s.RouteService
 	secretBackup           *k8s.SecretBackup
 	secretCipher           cipher.Cipher
-	egressProxyImage       string
 	telemetry              config.Telemetry
 	clusterName            string
 	environment            string
@@ -1873,11 +1871,6 @@ func (r *CentralReconciler) chartValues(c private.ManagedCentral) (chartutil.Val
 		"labels":      stringMapToMapInterface(getTenantLabels(c)),
 		"annotations": stringMapToMapInterface(getTenantAnnotations(c)),
 	}
-	if r.egressProxyImage != "" {
-		dst["egressProxy"] = map[string]interface{}{
-			"image": r.egressProxyImage,
-		}
-	}
 	dst["secureTenantNetwork"] = r.secureTenantNetwork
 	return chartutil.CoalesceTables(dst, src), nil
 }
@@ -2059,7 +2052,6 @@ func NewCentralReconciler(k8sClient ctrlClient.Client, fleetmanagerClient *fleet
 		routeService:           k8s.NewRouteService(k8sClient, &opts.RouteParameters),
 		secretBackup:           k8s.NewSecretBackup(k8sClient, opts.ManagedDBEnabled),
 		secretCipher:           secretCipher, // pragma: allowlist secret
-		egressProxyImage:       opts.EgressProxyImage,
 		telemetry:              opts.Telemetry,
 		clusterName:            opts.ClusterName,
 		environment:            opts.Environment,