diff --git a/hack/test-unit.sh b/hack/test-unit.sh
index 56ee14777..30e21199d 100755
--- a/hack/test-unit.sh
+++ b/hack/test-unit.sh
@@ -10,7 +10,6 @@ PACKAGES_TO_TEST=(
 "github.com/openshift/console-operator/pkg/console/operator"
 "github.com/openshift/console-operator/pkg/console/starter"
 "github.com/openshift/console-operator/pkg/console/subresource/configmap"
- "github.com/openshift/console-operator/pkg/console/subresource/consoleserver"
 "github.com/openshift/console-operator/pkg/console/subresource/deployment"
 "github.com/openshift/console-operator/pkg/console/subresource/oauthclient"
 "github.com/openshift/console-operator/pkg/console/subresource/route"
diff --git a/pkg/api/api.go b/pkg/api/api.go
index f7f11d4b5..da500d4b8 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -15,7 +15,6 @@ const (
 OpenShiftConsoleConfigMapName = "console-config"
 OpenShiftConsolePublicConfigMapName = "console-public"
 ServiceCAConfigMapName = "service-ca"
- RouterCAConfigMapName = "router-ca"
 OpenShiftConsoleDeploymentName = OpenShiftConsoleName
 OpenShiftConsoleServiceName = OpenShiftConsoleName
 OpenShiftConsoleRouteName = OpenShiftConsoleName
diff --git a/pkg/console/controllers/resourcesyncdestination/controller.go b/pkg/console/controllers/resourcesyncdestination/controller.go
deleted file mode 100644
index cf4896afe..000000000
--- a/pkg/console/controllers/resourcesyncdestination/controller.go
+++ /dev/null
@@ -1,138 +0,0 @@ -package resourcesyncdestination - -import ( - "fmt" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - coreinformersv1 "k8s.io/client-go/informers/core/v1" - coreclientv1 "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog" - - operatorsv1 "github.com/openshift/api/operator/v1" - operatorclientv1 "github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1" - operatorinformersv1 "github.com/openshift/client-go/operator/informers/externalversions/operator/v1" - "github.com/openshift/console-operator/pkg/api" - "github.com/openshift/library-go/pkg/operator/events" -) - -const ( - controllerWorkQueueKey = "resource-sync-destination-work-queue-key" - controllerName = "ConsoleResourceSyncDestinationController" -) - -type ResourceSyncDestinationController struct { - operatorConfigClient operatorclientv1.ConsoleInterface - configMapClient coreclientv1.ConfigMapsGetter - // events - cachesToSync []cache.InformerSynced - queue workqueue.RateLimitingInterface - recorder events.Recorder -} - -func NewResourceSyncDestinationController( - // operatorconfig - operatorConfigClient operatorclientv1.ConsoleInterface, - operatorConfigInformer operatorinformersv1.ConsoleInformer, - // configmap - corev1Client coreclientv1.CoreV1Interface, - configMapInformer coreinformersv1.ConfigMapInformer, - // events - recorder events.Recorder, -) *ResourceSyncDestinationController { - corev1Client.ConfigMaps(api.OpenShiftConsoleNamespace) - - ctrl := &ResourceSyncDestinationController{ - operatorConfigClient: operatorConfigClient, - configMapClient: corev1Client, - // events - recorder: recorder, - cachesToSync: nil, - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), controllerName), - } - - configMapInformer.Informer().AddEventHandler(ctrl.newEventHandler()) - 
operatorConfigInformer.Informer().AddEventHandler(ctrl.newEventHandler()) - ctrl.cachesToSync = append(ctrl.cachesToSync, - operatorConfigInformer.Informer().HasSynced, - configMapInformer.Informer().HasSynced, - ) - - return ctrl -} - -func (c *ResourceSyncDestinationController) sync() error { - operatorConfig, err := c.operatorConfigClient.Get(api.ConfigResourceName, metav1.GetOptions{}) - if err != nil { - return err - } - - switch operatorConfig.Spec.ManagementState { - case operatorsv1.Managed: - klog.V(4).Infoln("console is in a managed state: syncing router-ca configmap") - case operatorsv1.Unmanaged: - klog.V(4).Infoln("console is in an unmanaged state: skipping router-ca configmap sync") - return nil - case operatorsv1.Removed: - klog.V(4).Infoln("console is in an removed state: removing synced router-ca configmap") - return c.removeRouterCAConfigMap() - default: - return fmt.Errorf("unknown state: %v", operatorConfig.Spec.ManagementState) - } - - return err -} - -func (c *ResourceSyncDestinationController) removeRouterCAConfigMap() error { - klog.V(2).Info("deleting router-ca configmap") - defer klog.V(2).Info("finished deleting router-ca configmap") - return c.configMapClient.ConfigMaps(api.OpenShiftConsoleNamespace).Delete(api.RouterCAConfigMapName, &metav1.DeleteOptions{}) -} - -func (c *ResourceSyncDestinationController) Run(workers int, stopCh <-chan struct{}) { - defer runtime.HandleCrash() - defer c.queue.ShutDown() - klog.Infof("starting %v", controllerName) - defer klog.Infof("shutting down %v", controllerName) - if !cache.WaitForCacheSync(stopCh, c.cachesToSync...) 
{ - klog.Infoln("caches did not sync") - runtime.HandleError(fmt.Errorf("caches did not sync")) - return - } - // only start one worker - go wait.Until(c.runWorker, time.Second, stopCh) - <-stopCh -} - -func (c *ResourceSyncDestinationController) runWorker() { - for c.processNextWorkItem() { - } -} - -func (c *ResourceSyncDestinationController) processNextWorkItem() bool { - processKey, quit := c.queue.Get() - if quit { - return false - } - defer c.queue.Done(processKey) - err := c.sync() - if err == nil { - c.queue.Forget(processKey) - return true - } - runtime.HandleError(fmt.Errorf("%v failed with : %v", processKey, err)) - c.queue.AddRateLimited(processKey) - return true -} - -func (c *ResourceSyncDestinationController) newEventHandler() cache.ResourceEventHandler { - return cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { c.queue.Add(controllerWorkQueueKey) }, - UpdateFunc: func(old, new interface{}) { c.queue.Add(controllerWorkQueueKey) }, - DeleteFunc: func(obj interface{}) { c.queue.Add(controllerWorkQueueKey) }, - } -} diff --git a/pkg/console/operator/sync_v400.go b/pkg/console/operator/sync_v400.go index 06cc5d581..6715fd55d 100644 --- a/pkg/console/operator/sync_v400.go +++ b/pkg/console/operator/sync_v400.go @@ -82,9 +82,6 @@ func (co *consoleOperator) sync_v400(updatedOperatorConfig *operatorv1.Console, // The sync loop may not settle, we are unable to honor it in current state. status.HandleProgressingOrDegraded(updatedOperatorConfig, "CustomLogoSync", customLogoErrReason, customLogoError) - routerCAConfigMap, routerCAErrReason, routerCAError := co.ValidateRouterCAConfigMap() - status.HandleProgressingOrDegraded(updatedOperatorConfig, "RouterCAValidation", routerCAErrReason, routerCAError) - sec, secChanged, secErr := co.SyncSecret(set.Operator) toUpdate = toUpdate || secChanged status.HandleProgressingOrDegraded(updatedOperatorConfig, "OAuthClientSecretSync", "FailedApply", secErr) 
@@ -99,7 +96,7 @@ func (co *consoleOperator) sync_v400(updatedOperatorConfig *operatorv1.Console, return oauthErr } - actualDeployment, depChanged, depErrReason, depErr := co.SyncDeployment(set.Operator, cm, serviceCAConfigMap, routerCAConfigMap, trustedCAConfigMap, sec, rt, set.Proxy, customLogoCanMount) + actualDeployment, depChanged, depErrReason, depErr := co.SyncDeployment(set.Operator, cm, serviceCAConfigMap, trustedCAConfigMap, sec, rt, set.Proxy, customLogoCanMount) toUpdate = toUpdate || depChanged status.HandleProgressingOrDegraded(updatedOperatorConfig, "DeploymentSync", depErrReason, depErr) if depErr != nil { @@ -212,14 +209,13 @@ func (co *consoleOperator) SyncDeployment( operatorConfig *operatorv1.Console, cm *corev1.ConfigMap, serviceCAConfigMap *corev1.ConfigMap, - routerCAConfigMap *corev1.ConfigMap, trustedCAConfigMap *corev1.ConfigMap, sec *corev1.Secret, rt *routev1.Route, proxyConfig *configv1.Proxy, canMountCustomLogo bool) (consoleDeployment *appsv1.Deployment, changed bool, reason string, err error) { - requiredDeployment := deploymentsub.DefaultDeployment(operatorConfig, cm, serviceCAConfigMap, routerCAConfigMap, trustedCAConfigMap, sec, rt, proxyConfig, canMountCustomLogo) + requiredDeployment := deploymentsub.DefaultDeployment(operatorConfig, cm, serviceCAConfigMap, trustedCAConfigMap, sec, rt, proxyConfig, canMountCustomLogo) expectedGeneration := getDeploymentGeneration(co) genChanged := operatorConfig.ObjectMeta.Generation != operatorConfig.Status.ObservedGeneration 
@@ -289,18 +285,7 @@ func (co *consoleOperator) SyncConfigMap( return nil, false, "FailedManagedConfig", mcErr } - useDefaultCAFile := true - // We are syncing the `router-ca` configmap from `openshift-config-managed` to `openshift-console`. - // `router-ca` is only published in `openshift-config-managed` if an operator-generated default certificate is used. - // It will not exist if all ingresscontrollers user admin-provided default certificates. - // If the `router-ca` configmap in `openshift-console` exist we should mount that to the console container, - // otherwise default to `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` - _, rcaErr := co.configMapClient.ConfigMaps(api.OpenShiftConsoleNamespace).Get(api.RouterCAConfigMapName, metav1.GetOptions{}) - if rcaErr != nil && apierrors.IsNotFound(rcaErr) { - useDefaultCAFile = false - } - - defaultConfigmap, _, err := configmapsub.DefaultConfigMap(operatorConfig, consoleConfig, managedConfig, infrastructureConfig, consoleRoute, useDefaultCAFile) + defaultConfigmap, _, err := configmapsub.DefaultConfigMap(operatorConfig, consoleConfig, managedConfig, infrastructureConfig, consoleRoute) if err != nil { return nil, false, "FailedConsoleConfigBuilder", err } 
@@ -423,20 +408,6 @@ func (c *consoleOperator) SyncCustomLogoConfigMap(operatorConfig *operatorsv1.Co return okToMount, reason, err } -func (c *consoleOperator) ValidateRouterCAConfigMap() (routerCA *corev1.ConfigMap, reason string, err error) { - routerCAConfigMap, err := c.configMapClient.ConfigMaps(api.OpenShiftConsoleNamespace).Get(api.RouterCAConfigMapName, metav1.GetOptions{}) - if err != nil { - klog.V(4).Infoln("router-ca configmap not found") - return nil, "FailedGet", fmt.Errorf("router-ca configmap not found") - } - - _, caBundle := routerCAConfigMap.Data["ca-bundle.crt"] - if !caBundle { - return nil, "MissingRouterCABundle", fmt.Errorf("router-ca configmap is missing ca-bundle.crt data") - } - return routerCAConfigMap, "", nil -} - // on each pass of the operator sync loop, we need to check the // operator config for a custom logo. If this has been set, then // we notify the resourceSyncer that it needs to start watching this diff --git a/pkg/console/starter/starter.go b/pkg/console/starter/starter.go index 8ad5ca6f9..d76c4751c 100644 --- a/pkg/console/starter/starter.go +++ b/pkg/console/starter/starter.go @@ -18,7 +18,6 @@ import ( operatorv1 "github.com/openshift/api/operator" "github.com/openshift/console-operator/pkg/api" "github.com/openshift/console-operator/pkg/console/controllers/clidownloads" - "github.com/openshift/console-operator/pkg/console/controllers/resourcesyncdestination" "github.com/openshift/console-operator/pkg/console/operatorclient" "github.com/openshift/library-go/pkg/controller/controllercmd" "github.com/openshift/library-go/pkg/operator/management" 
@@ -147,12 +146,9 @@ func RunOperator(ctx *controllercmd.ControllerContext) error { resourceSyncerInformers, resourceSyncer := getResourceSyncer(ctx, clientwrapper.WithoutSecret(kubeClient), operatorClient) - err = startResourceSyncing(resourceSyncer) - if err != nil { - return err - } consoleMetrics := metrics.Register() + // TODO: rearrange these into informer,client pairs, NOT separated. consoleOperator := operator.NewConsoleOperator( // top level config configClient.ConfigV1(), @@ -183,13 +179,13 @@ func RunOperator(ctx *controllercmd.ControllerContext) error { recorder, resourceSyncer, ) - cliDownloadsController := clidownloads.NewCLIDownloadsSyncController( // clients operatorClient, operatorConfigClient.OperatorV1(), consoleClient.ConsoleV1().ConsoleCLIDownloads(), routesClient.RouteV1(), + // informers operatorConfigInformers.Operator().V1().Consoles(), // OperatorConfig consoleInformers.Console().V1().ConsoleCLIDownloads(), // ConsoleCliDownloads @@ -198,19 +194,6 @@ func RunOperator(ctx *controllercmd.ControllerContext) error { recorder, ) - // ResourceSyncDestinationController contains additional logic for all the - // secrets and configmaps that we resourceSyncer is taking care of - resourceSyncDestinationController := resourcesyncdestination.NewResourceSyncDestinationController( - // operatorconfig - operatorConfigClient.OperatorV1().Consoles(), - operatorConfigInformers.Operator().V1().Consoles(), - // configmap - kubeClient.CoreV1(), - kubeInformersNamespaced.Core().V1().ConfigMaps(), - // events - recorder, - ) - consoleServiceController := service.NewServiceSyncController( // clients operatorConfigClient.OperatorV1().Consoles(), // operator config so we can update status 
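Review bot: Dropping the `startResourceSyncing(resourceSyncer)` call in RunOperator stops the `router-ca` sync, but nothing visible in this commit removes a copy that an earlier operator version already synced into the `openshift-console` namespace; the removed ResourceSyncDestinationController deleted it only in the Removed management state. After an upgrade that leaves an unused CA bundle configmap behind, which is easy to mistake for live trust material during a later audit. If cleanup is wanted, library-go's resource syncer appears to treat an empty source location as a request to delete the destination (worth confirming against the vendored version), so a one-off `resourceSyncer.SyncConfigMap(resourcesynccontroller.ResourceLocation{Name: "router-ca", Namespace: api.OpenShiftConsoleNamespace}, resourcesynccontroller.ResourceLocation{})` would remove it. RunOperator's body starts and ends outside this hunk.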
@@ -284,7 +267,6 @@ func RunOperator(ctx *controllercmd.ControllerContext) error { } go consoleServiceController.Run(1, ctx.Done()) - go resourceSyncDestinationController.Run(1, ctx.Done()) go consoleOperator.Run(ctx.Done()) go resourceSyncer.Run(1, ctx.Done()) go clusterOperatorStatus.Run(1, ctx.Done()) @@ -298,25 +280,11 @@ func RunOperator(ctx *controllercmd.ControllerContext) error { return fmt.Errorf("stopped") } -// startResourceSyncing should start syncing process of all secrets and configmaps that need to be synced. -func startResourceSyncing(resourceSyncer *resourcesynccontroller.ResourceSyncController) error { - // sync: 'router-ca' configmap - // from: 'openshift-config-managed' namespace - // to: 'openshift-console' namespace - err := resourceSyncer.SyncConfigMap( - resourcesynccontroller.ResourceLocation{Name: api.RouterCAConfigMapName, Namespace: api.OpenShiftConsoleNamespace}, - resourcesynccontroller.ResourceLocation{Name: api.RouterCAConfigMapName, Namespace: api.OpenShiftConfigManagedNamespace}, - ) - - return err -} - func getResourceSyncer(ctx *controllercmd.ControllerContext, kubeClient kubernetes.Interface, operatorClient v1helpers.OperatorClient) (v1helpers.KubeInformersForNamespaces, *resourcesynccontroller.ResourceSyncController) { resourceSyncerInformers := v1helpers.NewKubeInformersForNamespaces( kubeClient, api.OpenShiftConfigNamespace, api.OpenShiftConsoleNamespace, - api.OpenShiftConfigManagedNamespace, ) resourceSyncer := resourcesynccontroller.NewResourceSyncController( operatorClient, diff --git a/pkg/console/subresource/configmap/configmap.go b/pkg/console/subresource/configmap/configmap.go index 74d9c5fd7..2a88e252e 100644 --- a/pkg/console/subresource/configmap/configmap.go +++ b/pkg/console/subresource/configmap/configmap.go 
@@ -39,15 +39,13 @@ func DefaultConfigMap( consoleConfig *configv1.Console, managedConfig *corev1.ConfigMap, infrastructureConfig *configv1.Infrastructure, - rt *routev1.Route, - useDefaultCAFile bool) (consoleConfigmap *corev1.ConfigMap, unsupportedOverridesHaveMerged bool, err error) { + rt *routev1.Route) (consoleConfigmap *corev1.ConfigMap, unsupportedOverridesHaveMerged bool, err error) { defaultBuilder := &consoleserver.ConsoleServerCLIConfigBuilder{} defaultConfig, err := defaultBuilder.Host(rt.Spec.Host). LogoutURL(defaultLogoutURL). Brand(DEFAULT_BRAND). DocURL(DEFAULT_DOC_URL). - RouterCA(useDefaultCAFile). APIServerURL(getApiUrl(infrastructureConfig)). ConfigYAML() @@ -57,7 +55,6 @@ func DefaultConfigMap( LogoutURL(consoleConfig.Spec.Authentication.LogoutRedirect). Brand(operatorConfig.Spec.Customization.Brand). DocURL(operatorConfig.Spec.Customization.DocumentationBaseURL). - RouterCA(useDefaultCAFile). APIServerURL(getApiUrl(infrastructureConfig)). CustomLogoFile(operatorConfig.Spec.Customization.CustomLogoFile.Key). CustomProductName(operatorConfig.Spec.Customization.CustomProductName). diff --git a/pkg/console/subresource/configmap/configmap_test.go b/pkg/console/subresource/configmap/configmap_test.go index 31d715b6a..305a1c2f0 100644 --- a/pkg/console/subresource/configmap/configmap_test.go +++ b/pkg/console/subresource/configmap/configmap_test.go @@ -33,7 +33,6 @@ func TestDefaultConfigMap(t *testing.T) { managedConfig *corev1.ConfigMap infrastructureConfig *configv1.Infrastructure rt *routev1.Route - useDefaultCAFile bool } tests := []struct { name string @@ -56,7 +55,6 @@ func TestDefaultConfigMap(t *testing.T) { Host: host, }, }, - useDefaultCAFile: true, }, want: &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ 
@@ -82,52 +80,6 @@ servingInfo: certFile: /var/serving-cert/tls.crt keyFile: /var/serving-cert/tls.key providers: {} -`, - }, - }, - }, - { - name: "Test configmap with router-ca", - args: args{ - operatorConfig: &operatorv1.Console{}, - consoleConfig: &configv1.Console{}, - managedConfig: &corev1.ConfigMap{}, - infrastructureConfig: &configv1.Infrastructure{ - Status: configv1.InfrastructureStatus{ - APIServerURL: mockAPIServer, - }, - }, - rt: &routev1.Route{ - Spec: routev1.RouteSpec{ - Host: host, - }, - }, - useDefaultCAFile: false, - }, - want: &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ - Name: api.OpenShiftConsoleConfigMapName, - Namespace: api.OpenShiftConsoleNamespace, - Labels: map[string]string{"app": api.OpenShiftConsoleName}, - Annotations: map[string]string{}, - }, - Data: map[string]string{configKey: `kind: ConsoleConfig -apiVersion: console.openshift.io/v1 -auth: - clientID: console - clientSecretFile: /var/oauth-config/clientSecret - oauthEndpointCAFile: /var/router-ca/ca-bundle.crt -clusterInfo: - consoleBaseAddress: https://` + host + ` - masterPublicURL: ` + mockAPIServer + ` -customization: - branding: ` + DEFAULT_BRAND + ` - documentationBaseURL: ` + DEFAULT_DOC_URL + ` -servingInfo: - bindAddress: https://0.0.0.0:8443 - certFile: /var/serving-cert/tls.crt - keyFile: /var/serving-cert/tls.key -providers: {} `, }, }, @@ -156,7 +108,6 @@ customization: Host: host, }, }, - useDefaultCAFile: true, }, want: &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -219,7 +170,6 @@ customization: Host: host, }, }, - useDefaultCAFile: true, }, want: &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -287,7 +237,6 @@ customization: Host: host, }, }, - useDefaultCAFile: true, }, want: &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -357,7 +306,6 @@ customization: Host: host, }, }, - useDefaultCAFile: true, }, want: &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ 
@@ -391,7 +339,7 @@ providers: } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - cm, _, _ := DefaultConfigMap(tt.args.operatorConfig, tt.args.consoleConfig, tt.args.managedConfig, tt.args.infrastructureConfig, tt.args.rt, tt.args.useDefaultCAFile) + cm, _, _ := DefaultConfigMap(tt.args.operatorConfig, tt.args.consoleConfig, tt.args.managedConfig, tt.args.infrastructureConfig, tt.args.rt) // marshall the exampleYaml to map[string]interface{} so we can use it in diff below var exampleConfig map[string]interface{} diff --git a/pkg/console/subresource/consoleserver/config_builder.go b/pkg/console/subresource/consoleserver/config_builder.go index 248c9f346..3e5b93148 100644 --- a/pkg/console/subresource/consoleserver/config_builder.go +++ b/pkg/console/subresource/consoleserver/config_builder.go @@ -10,7 +10,6 @@ import ( const ( clientSecretFilePath = "/var/oauth-config/clientSecret" - routerCAFilePath = "/var/router-ca/ca-bundle.crt" oauthEndpointCAFilePath = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" // serving info certFilePath = "/var/serving-cert/tls.crt" @@ -37,7 +36,6 @@ type ConsoleServerCLIConfigBuilder struct { statusPageID string customProductName string customLogoFile string - CAFile string } func (b *ConsoleServerCLIConfigBuilder) Host(host string) *ConsoleServerCLIConfigBuilder { @@ -76,15 +74,6 @@ func (b *ConsoleServerCLIConfigBuilder) StatusPageID(id string) *ConsoleServerCL return b } -func (b *ConsoleServerCLIConfigBuilder) RouterCA(useDefaultRouterCA bool) *ConsoleServerCLIConfigBuilder { - if useDefaultRouterCA { - b.CAFile = oauthEndpointCAFilePath - return b - } - b.CAFile = routerCAFilePath - return b -} - func (b *ConsoleServerCLIConfigBuilder) Config() Config { return Config{ Kind: "ConsoleConfig", 
@@ -130,15 +119,10 @@ func (b *ConsoleServerCLIConfigBuilder) clusterInfo() ClusterInfo { } func (b *ConsoleServerCLIConfigBuilder) authServer() Auth { - // we need this fallback due to the way our unit test are structured, - // where the ConsoleServerCLIConfigBuilder object is being instantiated empty - if b.CAFile == "" { - b.CAFile = oauthEndpointCAFilePath - } conf := Auth{ ClientID: api.OpenShiftConsoleName, ClientSecretFile: clientSecretFilePath, - OAuthEndpointCAFile: b.CAFile, + OAuthEndpointCAFile: oauthEndpointCAFilePath, } if len(b.logoutRedirectURL) > 0 { conf.LogoutRedirect = b.logoutRedirectURL diff --git a/pkg/console/subresource/consoleserver/config_builder_test.go b/pkg/console/subresource/consoleserver/config_builder_test.go index 136ab0d4e..2628ee4da 100644 --- a/pkg/console/subresource/consoleserver/config_builder_test.go +++ b/pkg/console/subresource/consoleserver/config_builder_test.go @@ -51,7 +51,6 @@ func TestConsoleServerCLIConfigBuilder(t *testing.T) { APIServerURL("https://foobar.com/api"). Host("https://foobar.com/host"). LogoutURL("https://foobar.com/logout"). - RouterCA(false). Config() }, output: Config{ @@ -70,7 +69,7 @@ func TestConsoleServerCLIConfigBuilder(t *testing.T) { Auth: Auth{ ClientID: api.OpenShiftConsoleName, ClientSecretFile: clientSecretFilePath, - OAuthEndpointCAFile: routerCAFilePath, + OAuthEndpointCAFile: oauthEndpointCAFilePath, LogoutRedirect: "https://foobar.com/logout", }, Customization: Customization{}, @@ -193,7 +192,6 @@ providers: {} APIServerURL("https://foobar.com/api"). Host("https://foobar.com/host"). LogoutURL("https://foobar.com/logout"). - RouterCA(false). ConfigYAML() }, output: `apiVersion: console.openshift.io/v1 
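Review bot: `authServer()` now sets `OAuthEndpointCAFile: oauthEndpointCAFilePath` unconditionally, and the only comment that explained the choice of CA file was deleted from SyncConfigMap, so the new code no longer says why the service account bundle is the right trust anchor for the OAuth endpoint. The deleted comment noted that `router-ca` is absent when ingress controllers use admin-provided default certificates; presumably the service account `ca.crt` is expected to verify the OAuth endpoint's certificate in both cases, but that assumption is not recorded anywhere on the new side. A comment above the assignment would capture it, for example `// The OAuth endpoint certificate is verified against the service account CA bundle; this assumes the bundle includes the CA for the ingress default certificate.` The function body continues outside this hunk.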
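Review bot: The expectation changed in config_builder_test.go to `OAuthEndpointCAFile: oauthEndpointCAFilePath` will not run under hack/test-unit.sh, because this same commit removes `github.com/openshift/console-operator/pkg/console/subresource/consoleserver` from `PACKAGES_TO_TEST`. This package builds the console's auth configuration, including the CA file used for the OAuth endpoint, so its tests are worth keeping in the unit run unless another job already covers them. Keeping the `"github.com/openshift/console-operator/pkg/console/subresource/consoleserver"` entry in hack/test-unit.sh would leave these cases exercised.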
@@ -208,7 +206,7 @@ clusterInfo: auth: clientID: console clientSecretFile: /var/oauth-config/clientSecret - oauthEndpointCAFile: /var/router-ca/ca-bundle.crt + oauthEndpointCAFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt logoutRedirect: https://foobar.com/logout customization: {} providers: {} @@ -245,8 +243,7 @@ providers: Brand(v1.BrandOKD). DocURL("https://foobar.com/docs"). APIServerURL("https://foobar.com/api"). - StatusPageID("status-12345"). - RouterCA(true) + StatusPageID("status-12345") return b.ConfigYAML() }, output: `apiVersion: console.openshift.io/v1 diff --git a/pkg/console/subresource/deployment/deployment.go b/pkg/console/subresource/deployment/deployment.go index 1bab11c8e..9a179abf9 100644 --- a/pkg/console/subresource/deployment/deployment.go +++ b/pkg/console/subresource/deployment/deployment.go @@ -34,7 +34,6 @@ const ( configMapResourceVersionAnnotation = "console.openshift.io/console-config-version" proxyConfigResourceVersionAnnotation = "console.openshift.io/proxy-config-version" serviceCAConfigMapResourceVersionAnnotation = "console.openshift.io/service-ca-config-version" - routerCAConfigMapResourceVersionAnnotation = "console.openshift.io/router-ca-config-version" trustedCAConfigMapResourceVersionAnnotation = "console.openshift.io/trusted-ca-config-version" secretResourceVersionAnnotation = "console.openshift.io/oauth-secret-version" consoleImageAnnotation = "console.openshift.io/image" @@ -45,7 +44,6 @@ var ( configMapResourceVersionAnnotation, proxyConfigResourceVersionAnnotation, serviceCAConfigMapResourceVersionAnnotation, - routerCAConfigMapResourceVersionAnnotation, trustedCAConfigMapResourceVersionAnnotation, secretResourceVersionAnnotation, consoleImageAnnotation, 
@@ -63,14 +61,13 @@ type volumeConfig struct { mappedKeys map[string]string } -func DefaultDeployment(operatorConfig *operatorv1.Console, cm *corev1.ConfigMap, serviceCAConfigMap *corev1.ConfigMap, routerCAConfigMap *corev1.ConfigMap, trustedCAConfigMap *corev1.ConfigMap, sec *corev1.Secret, rt *routev1.Route, proxyConfig *configv1.Proxy, canMountCustomLogo bool) *appsv1.Deployment { +func DefaultDeployment(operatorConfig *operatorv1.Console, cm *corev1.ConfigMap, serviceCAConfigMap *corev1.ConfigMap, trustedCAConfigMap *corev1.ConfigMap, sec *corev1.Secret, rt *routev1.Route, proxyConfig *configv1.Proxy, canMountCustomLogo bool) *appsv1.Deployment { labels := util.LabelsForConsole() meta := util.SharedMeta() meta.Labels = labels annotations := map[string]string{ configMapResourceVersionAnnotation: cm.GetResourceVersion(), serviceCAConfigMapResourceVersionAnnotation: serviceCAConfigMap.GetResourceVersion(), - routerCAConfigMapResourceVersionAnnotation: routerCAConfigMap.GetResourceVersion(), trustedCAConfigMapResourceVersionAnnotation: trustedCAConfigMap.GetResourceVersion(), proxyConfigResourceVersionAnnotation: proxyConfig.GetResourceVersion(), secretResourceVersionAnnotation: sec.GetResourceVersion(), @@ -422,12 +419,6 @@ func defaultVolumeConfig() []volumeConfig { path: "/var/service-ca", isConfigMap: true, }, - { - name: api.RouterCAConfigMapName, - readOnly: true, - path: "/var/router-ca", - isConfigMap: true, - }, } } diff --git a/pkg/console/subresource/deployment/deployment_test.go b/pkg/console/subresource/deployment/deployment_test.go index 6cc3fc951..a68162f64 100644 --- a/pkg/console/subresource/deployment/deployment_test.go +++ b/pkg/console/subresource/deployment/deployment_test.go @@ -27,7 +27,6 @@ func TestDefaultDeployment(t *testing.T) { config *operatorsv1.Console cm *corev1.ConfigMap ca *corev1.ConfigMap - rca *corev1.ConfigMap tca *corev1.ConfigMap sec *corev1.Secret rt *v1.Route 
@@ -61,7 +60,6 @@ func TestDefaultDeployment(t *testing.T) { Annotations: map[string]string{ configMapResourceVersionAnnotation: "", secretResourceVersionAnnotation: "", - routerCAConfigMapResourceVersionAnnotation: "", serviceCAConfigMapResourceVersionAnnotation: "", trustedCAConfigMapResourceVersionAnnotation: "", proxyConfigResourceVersionAnnotation: "", @@ -118,7 +116,6 @@ func TestDefaultDeployment(t *testing.T) { consoleDeploymentTemplateAnnotations := map[string]string{ configMapResourceVersionAnnotation: "", secretResourceVersionAnnotation: "", - routerCAConfigMapResourceVersionAnnotation: "", serviceCAConfigMapResourceVersionAnnotation: "", trustedCAConfigMapResourceVersionAnnotation: "", proxyConfigResourceVersionAnnotation: "", @@ -165,10 +162,7 @@ func TestDefaultDeployment(t *testing.T) { config: consoleOperatorConfig, cm: consoleConfig, ca: &corev1.ConfigMap{}, - rca: &corev1.ConfigMap{ - Data: map[string]string{"ca-bundle.crt": "test"}, - }, - tca: trustedCAConfigMapEmpty, + tca: trustedCAConfigMapEmpty, sec: &corev1.Secret{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{}, @@ -230,10 +224,7 @@ func TestDefaultDeployment(t *testing.T) { config: consoleOperatorConfig, cm: consoleConfig, ca: &corev1.ConfigMap{}, - rca: &corev1.ConfigMap{ - Data: map[string]string{"ca-bundle.crt": "test"}, - }, - tca: trustedCAConfigMapSet, + tca: trustedCAConfigMapSet, sec: &corev1.Secret{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{}, 
@@ -292,7 +283,7 @@ func TestDefaultDeployment(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if diff := deep.Equal(DefaultDeployment(tt.args.config, tt.args.cm, tt.args.rca, tt.args.cm, tt.args.tca, tt.args.sec, tt.args.rt, tt.args.proxy, tt.args.canMountCustomLogo), tt.want); diff != nil { + if diff := deep.Equal(DefaultDeployment(tt.args.config, tt.args.cm, tt.args.cm, tt.args.tca, tt.args.sec, tt.args.rt, tt.args.proxy, tt.args.canMountCustomLogo), tt.want); diff != nil { t.Error(diff) } }) @@ -396,19 +387,6 @@ func Test_consoleVolumes(t *testing.T) { }, }, } - routerCA := corev1.Volume{ - Name: api.RouterCAConfigMapName, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: api.RouterCAConfigMapName, - }, - Items: nil, - DefaultMode: nil, - Optional: nil, - }, - }, - } tests := []struct { name string args args @@ -424,7 +402,6 @@ func Test_consoleVolumes(t *testing.T) { consoleOauthConfig, consoleConfig, serviceCA, - routerCA, }, }, { @@ -437,7 +414,6 @@ func Test_consoleVolumes(t *testing.T) { consoleOauthConfig, consoleConfig, serviceCA, - routerCA, { Name: api.TrustedCAConfigMapName, VolumeSource: corev1.VolumeSource{ @@ -503,11 +479,6 @@ func Test_consoleVolumeMounts(t *testing.T) { ReadOnly: true, MountPath: "/var/service-ca", }, - { - Name: api.RouterCAConfigMapName, - ReadOnly: true, - MountPath: "/var/router-ca", - }, }, }, {name: "Test console volumes Mounts with TrustedCA", @@ -535,11 +506,6 @@ func Test_consoleVolumeMounts(t *testing.T) { ReadOnly: true, MountPath: "/var/service-ca", }, - { - Name: api.RouterCAConfigMapName, - ReadOnly: true, - MountPath: "/var/router-ca", - }, { Name: api.TrustedCAConfigMapName, ReadOnly: true,
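Review bot: The updated call in TestDefaultDeployment passes `tt.args.cm` twice, so the console-config configmap also stands in for `serviceCAConfigMap`, and the `ca` field set in the cases above is never read. The expected annotations are all empty strings, so the test passes either way and would not notice two of the positional `*corev1.ConfigMap` arguments being swapped. Passing the field meant for that slot keeps the test meaningful: `DefaultDeployment(tt.args.config, tt.args.cm, tt.args.ca, tt.args.tca, tt.args.sec, tt.args.rt, tt.args.proxy, tt.args.canMountCustomLogo)`.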