From 4401530571c1db53d57977b6ed14cca2a4dc9aaf Mon Sep 17 00:00:00 2001
From: Tom Klapiscak <7372253+tomklapiscak@users.noreply.github.com>
Date: Wed, 24 Apr 2024 17:53:27 +0100
Subject: [PATCH] delete deprecated docdb jobs from ibm-sls app
---
...ws_docdb_process_mongo_user_sync_hook.yaml | 250 ------------------
...01-ibm-resource_cleanup_postsync_hook.yaml | 86 ------
2 files changed, 336 deletions(-)
delete mode 100644 applications/100-ibm-sls/templates/01-ibm-aws_docdb_process_mongo_user_sync_hook.yaml
delete mode 100644 applications/100-ibm-sls/templates/01-ibm-resource_cleanup_postsync_hook.yaml
diff --git a/applications/100-ibm-sls/templates/01-ibm-aws_docdb_process_mongo_user_sync_hook.yaml b/applications/100-ibm-sls/templates/01-ibm-aws_docdb_process_mongo_user_sync_hook.yaml
deleted file mode 100644
index 6bd80e996..000000000
--- a/applications/100-ibm-sls/templates/01-ibm-aws_docdb_process_mongo_user_sync_hook.yaml
+++ /dev/null
@@ -1,250 +0,0 @@
-{{- if eq .Values.ibm_sls.mongodb_provider "aws" }}
-{{- if or (eq .Values.ibm_sls.user_action "remove") (eq .Values.ibm_sls.user_action "add") }}
-
-{{- $hook := "" }}
-{{- if (eq .Values.ibm_sls.user_action "remove") }}
-{{- $hook = "PostSync" }}
-{{- else if (eq .Values.ibm_sls.user_action "add") }}
-{{- $hook = "PreSync" }}
-{{- end}}
-
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
- annotations:
- argocd.argoproj.io/hook: {{ $hook }}
- argocd.argoproj.io/sync-wave: "1"
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-
----
-kind: Secret
-apiVersion: v1
-metadata:
- name: aws-docdb
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
- annotations:
- argocd.argoproj.io/hook: {{ $hook }}
- argocd.argoproj.io/sync-wave: "2"
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-stringData:
- docdb_master_username: {{ .Values.ibm_sls.docdb_master_username }}
- docdb_master_password: {{ .Values.ibm_sls.docdb_master_password }}
- docdb_master_info: {{ .Values.ibm_sls.docdb_master_info }}
- docdb_instance_username: {{ .Values.ibm_sls.sls_mongo_username }}
- docdb_instance_password: {{ .Values.ibm_sls.sls_mongo_password }}
-type: Opaque
-
----
-kind: Secret
-apiVersion: v1
-metadata:
- name: aws
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
- annotations:
- argocd.argoproj.io/hook: {{ $hook }}
- argocd.argoproj.io/sync-wave: "2"
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-stringData:
- aws_access_key_id: {{ .Values.ibm_sls.sm_aws_access_key_id }}
- aws_secret_access_key: {{ .Values.ibm_sls.sm_aws_secret_access_key }}
- aws_default_region: {{ .Values.ibm_sls.sm_aws_region }}
-type: Opaque
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: sync-sa
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
- annotations:
- argocd.argoproj.io/hook: {{ $hook }}
- argocd.argoproj.io/sync-wave: "3"
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: sync-sa
- #namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
- annotations:
- argocd.argoproj.io/hook: {{ $hook }}
- argocd.argoproj.io/sync-wave: "4"
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-subjects:
- - kind: ServiceAccount
- name: sync-sa
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-
----
-# Permit outbound communication by the Job pods
-# (Needed to communicate with the K8S HTTP API and AWS SM)
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
- name: sync-role-network-policy
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
- annotations:
- argocd.argoproj.io/hook: {{ $hook }}
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
- argocd.argoproj.io/sync-wave: "5"
-spec:
- podSelector:
- matchLabels:
- app: "sync-role"
- egress:
- - {}
- policyTypes:
- - Egress
-
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: aws-docdb-process-user-sync-role
- generateName: aws-docdb-process-user-sync-role-
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
- annotations:
- argocd.argoproj.io/hook: {{ $hook }}
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
- argocd.argoproj.io/sync-wave: "6"
-spec:
- template:
- metadata:
- labels:
- app: "sync-role"
- spec:
- containers:
- - name: aws-docdb-process-user
- image: quay.io/ibmmas/cli:8.1.0-pre.gitops
- imagePullPolicy: IfNotPresent
- env:
- - name: USER_ACTION
- value: "{{ .Values.ibm_sls.user_action }}"
- - name: MAS_INSTANCE_ID
- value: "{{ .Values.ibm_sls.mas_instance_id }}"
-
- - name: ACCOUNT_ID
- value: "{{ .Values.ibm_sls.account_id }}"
- - name: CLUSTER_ID
- value: "{{ .Values.ibm_sls.cluster_id }}"
-
- - name: DOCDB_HOST
- value: "{{ .Values.ibm_sls.docdb_host }}"
- - name: DOCDB_PORT
- value: "{{ .Values.ibm_sls.docdb_port }}"
- - name: MAS_CONFIG_DIR
- value: "/tmp/{{ .Values.ibm_sls.mas_instance_id }}/aws_documentdb_user"
-
- - name: DOCDB_MASTER_USERNAME
- valueFrom:
- secretKeyRef:
- name: aws-docdb
- key: docdb_master_username
- - name: DOCDB_MASTER_PASSWORD
- valueFrom:
- secretKeyRef:
- name: aws-docdb
- key: docdb_master_password
- - name: DOCDB_MASTER_INFO
- valueFrom:
- secretKeyRef:
- name: aws-docdb
- key: docdb_master_info
-
- - name: DOCDB_INSTANCE_USERNAME
- valueFrom:
- secretKeyRef:
- name: aws-docdb
- key: docdb_instance_username
- - name: DOCDB_INSTANCE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: aws-docdb
- key: docdb_instance_password
-
- - name: SM_AWS_REGION
- valueFrom:
- secretKeyRef:
- name: aws
- key: aws_default_region
- - name: SM_AWS_ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: aws
- key: aws_access_key_id
- - name: SM_AWS_SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: aws
- key: aws_secret_access_key
-
- command:
- - /bin/sh
- - -c
- - |
-
- set -e
- mkdir -p ${MAS_CONFIG_DIR}
-
- echo "USER_ACTION=${USER_ACTION}"
- echo "MAS_CONFIG_DIR=${MAS_CONFIG_DIR}"
- echo "MAS_INSTANCE_ID=${MAS_INSTANCE_ID}"
- echo "DOCDB_HOST=${DOCDB_HOST}"
- echo "DOCDB_PORT=${DOCDB_PORT}"
-
- echo "DOCDB_MASTER_USERNAME=${DOCDB_MASTER_USERNAME:0:5}"
- echo "DOCDB_MASTER_PASSWORD=${DOCDB_MASTER_PASSWORD:0:5}"
- echo "DOCDB_MASTER_INFO=${DOCDB_MASTER_INFO}"
-
- echo "DOCDB_INSTANCE_USERNAME=${DOCDB_INSTANCE_USERNAME:0:5}"
- echo "DOCDB_INSTANCE_PASSWORD=${DOCDB_INSTANCE_PASSWORD:0:5}"
-
- echo "SM_AWS_REGION=${SM_AWS_REGION}"
- echo "SM_AWS_ACCESS_KEY_ID=${SM_AWS_ACCESS_KEY_ID:0:5}"
- echo "SM_AWS_SECRET_ACCESS_KEY=${SM_AWS_SECRET_ACCESS_KEY:0:5}"
-
- if [[ -z "${DOCDB_INSTANCE_USERNAME}" || "${DOCDB_INSTANCE_USERNAME}" == "" ]]; then
- export DOCDB_INSTANCE_USERNAME=masinst_${MAS_INSTANCE_ID}
- echo "DOCDB_INSTANCE_USERNAME=${DOCDB_INSTANCE_USERNAME:0:5}"
- fi
-
- if [[ -z "${DOCDB_INSTANCE_PASSWORD}" || "${DOCDB_INSTANCE_PASSWORD}" == "" ]]; then
- export DOCDB_INSTANCE_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
- echo "DOCDB_INSTANCE_PASSWORD=${DOCDB_INSTANCE_PASSWORD:0:5}"
- fi
-
- /opt/app-root/src/run-role.sh aws_documentdb_user
- rc=$?
- [ $rc -ne 0 ] && exit $rc
-
- source /mascli/functions/gitops_utils
- sm_login
-
- SECRETS_KEY_SEPERATOR="/"
- export SECRET_NAME_MONGO=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}${SECRETS_KEY_SEPERATOR}mongo
- if [[ "${USER_ACTION}" == "add" ]]; then
- # Setting instance username and password into mongo instance secret, along with Info
- ESCAPED_INFO=${DOCDB_MASTER_INFO//\"/\\\"}
- ESCAPED_INFO=${ESCAPED_INFO//$'\n'/\\n}
-
- echo "DOCDB_MASTER_INFO (ESCAPED_INFO)=${DOCDB_MASTER_INFO}"
- sm_update_secret $SECRET_NAME_MONGO "{\"info\":\"$ESCAPED_INFO\", \"username\":\"$DOCDB_INSTANCE_USERNAME\", \"password\":\"$DOCDB_INSTANCE_PASSWORD\"}"
- fi
-
- if [[ "${USER_ACTION}" == "remove" ]]; then
- echo "aws secretsmanager delete-secret - $SECRET_NAME_MONGO"
- aws secretsmanager delete-secret --force-delete-without-recovery --secret-id $SECRET_NAME_MONGO
- fi
- restartPolicy: Never
- serviceAccountName: sync-sa
- backoffLimit: 0
-
-{{- end }}
-{{- end }}
diff --git a/applications/100-ibm-sls/templates/01-ibm-resource_cleanup_postsync_hook.yaml b/applications/100-ibm-sls/templates/01-ibm-resource_cleanup_postsync_hook.yaml
deleted file mode 100644
index 2b269229c..000000000
--- a/applications/100-ibm-sls/templates/01-ibm-resource_cleanup_postsync_hook.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-{{- if eq .Values.ibm_sls.mongodb_provider "aws" }}
-{{- if or (eq .Values.ibm_sls.user_action "remove") (eq .Values.ibm_sls.user_action "add") }}
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: sync-sa
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sls
- annotations:
- argocd.argoproj.io/hook: PostSync,SyncFail
- argocd.argoproj.io/sync-wave: "1"
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: sync-sa
- annotations:
- argocd.argoproj.io/hook: PostSync,SyncFail
- argocd.argoproj.io/sync-wave: "2"
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-subjects:
- - kind: ServiceAccount
- name: sync-sa
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sls
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-
----
-# Permit outbound communication by the Job pods
-# (Needed to communicate with the K8S HTTP API and AWS SM)
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
- name: sync-role-network-policy
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sls
- annotations:
- argocd.argoproj.io/hook: PostSync,SyncFail
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
- argocd.argoproj.io/sync-wave: "3"
-spec:
- podSelector:
- matchLabels:
- app: "sync-role"
- egress:
- - {}
- policyTypes:
- - Egress
-
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: aws-docdb-process-user-sync-role
- namespace: mas-{{ .Values.ibm_sls.mas_instance_id }}-sls
- annotations:
- argocd.argoproj.io/hook: PostSync,SyncFail
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
- argocd.argoproj.io/sync-wave: "7"
-spec:
- template:
- metadata:
- labels:
- app: "sync-role"
- spec:
- containers:
- - name: aws-docdb-process-user
- image: quay.io/ibmmas/cli:8.1.0-pre.gitops
- imagePullPolicy: IfNotPresent
-
- command:
- - /bin/sh
- - -c
- - |
- oc delete project mas-{{ .Values.ibm_sls.mas_instance_id }}-sync-job
-
- restartPolicy: Never
- serviceAccountName: sync-sa
- backoffLimit: 0
-
-{{- end }}
-{{- end }}