remove secret creation on HA enable

replicatedhq · Jul 24, 2024 · 5ef0029 · 5ef0029
1 parent 09aac4d
commit 5ef0029
Show file tree

Hide file tree

Showing 10 changed files with 5 additions and 748 deletions.
diff --git a/controllers/installation_controller.go b/controllers/installation_controller.go
@@ -422,18 +422,7 @@ func (r *InstallationReconciler) ReconcileRegistry(ctx context.Context, in *v1be
 		return fmt.Errorf("failed to get cluster config: %w", err)
 	}
 
-	serviceCIDR := util.ClusterServiceCIDR(clusterConfig, in)
-
-	err := registry.EnsureResources(ctx, in, r.Client, serviceCIDR)
-	if err != nil {
-		// Conditions may be updated so we need to update the status
-		if err := r.Status().Update(ctx, in); err != nil {
-			log.Error(err, "Failed to update installation status")
-		}
-		return fmt.Errorf("failed to ensure registry resources: %w", err)
-	}
-
-	err = registry.MigrateRegistryData(ctx, in, r.Client)
+	err := registry.MigrateRegistryData(ctx, in, r.Client)
 	if err != nil {
 		if err := r.Status().Update(ctx, in); err != nil {
 			log.Error(err, "Failed to update installation status")

diff --git a/pkg/registry/labels.go b/pkg/registry/labels.go
@@ -10,15 +10,3 @@ func applyRegistryLabels(labels map[string]string, component string) map[string]
 	labels["app.kubernetes.io/managed-by"] = "embedded-cluster-operator"
 	return labels
 }
-
-func applySeaweedFSLabels(labels map[string]string, component string) map[string]string {
-	if labels == nil {
-		labels = make(map[string]string)
-	}
-	labels["app.kubernetes.io/name"] = "seaweedfs" // this is the backup/restore label for seaweedfs
-	labels["app.kubernetes.io/component"] = component
-	labels["app.kubernetes.io/instance"] = "seaweedfs"
-	labels["app.kubernetes.io/part-of"] = "embedded-cluster"
-	labels["app.kubernetes.io/managed-by"] = "embedded-cluster-operator"
-	return labels
-}
diff --git a/pkg/registry/migrate.go b/pkg/registry/migrate.go
@@ -21,6 +21,10 @@ const registryDataMigrationJobName = "registry-data-migration"
 const RegistryMigrationStatusConditionType = "RegistryMigrationStatus"
 const RegistryMigrationServiceAccountName = "registry-data-migration-serviceaccount"
 
+// registryS3SecretName is the name of the Registry secret.
+// This secret name is defined in the chart in the release metadata.
+const registryS3SecretName = "seaweedfs-s3-rw"
+
 // MigrateRegistryData should be called when transitioning from non-HA to HA airgapped installations
 // this function creates a job that will scale down the registry deployment then upload the data to s3
 // before finally creating a 'migration is complete' secret in the registry namespace

diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go
@@ -1,17 +1,9 @@
 package registry
 
 import (
-	"context"
 	"fmt"
 
-	clusterv1beta1 "github.com/replicatedhq/embedded-cluster-kinds/apis/v1beta1"
 	"github.com/replicatedhq/embedded-cluster-operator/pkg/util"
-	corev1 "k8s.io/api/core/v1"
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 )
 
 const (
@@ -24,30 +16,6 @@ const (
 	registryLowerBandIPIndex = 10
 )
 
-func EnsureResources(ctx context.Context, in *clusterv1beta1.Installation, cli client.Client, serviceCIDR string) error {
-	log := ctrl.LoggerFrom(ctx)
-
-	sfsConfig, op, err := ensureSeaweedfsS3Secret(ctx, in, cli)
-	if err != nil {
-		in.Status.SetCondition(getSeaweedfsS3SecretReadyCondition(in, metav1.ConditionFalse, "Failed", err.Error()))
-		return fmt.Errorf("ensure seaweedfs s3 secret: %w", err)
-	} else if op != controllerutil.OperationResultNone {
-		log.Info("Seaweedfs s3 secret changed", "operation", op)
-	}
-	in.Status.SetCondition(getSeaweedfsS3SecretReadyCondition(in, metav1.ConditionTrue, "SecretReady", ""))
-
-	op, err = ensureRegistryS3Secret(ctx, in, cli, sfsConfig)
-	if err != nil {
-		in.Status.SetCondition(getRegistryS3SecretReadyCondition(in, metav1.ConditionFalse, "Failed", err.Error()))
-		return fmt.Errorf("ensure registry s3 secret: %w", err)
-	} else if op != controllerutil.OperationResultNone {
-		log.Info("Registry s3 secret changed", "operation", op)
-	}
-	in.Status.SetCondition(getRegistryS3SecretReadyCondition(in, metav1.ConditionTrue, "SecretReady", ""))
-
-	return nil
-}
-
 func RegistryNamespace() string {
 	return registryNamespace
 }
@@ -59,26 +27,3 @@ func GetRegistryServiceIP(serviceCIDR string) (string, error) {
 	}
 	return ip.String(), nil
 }
-
-func ensureRegistryNamespace(ctx context.Context, cli client.Client) error {
-	obj := &corev1.Namespace{
-		ObjectMeta: metav1.ObjectMeta{Name: registryNamespace},
-	}
-
-	err := cli.Create(ctx, obj)
-	if err != nil && !k8serrors.IsAlreadyExists(err) {
-		return fmt.Errorf("create registry namespace: %w", err)
-	}
-
-	return nil
-}
-
-func getCondition(in *clusterv1beta1.Installation, conditionType string, status metav1.ConditionStatus, reason string, message string) metav1.Condition {
-	return metav1.Condition{
-		Type:               conditionType,
-		Status:             status,
-		Reason:             reason,
-		Message:            message,
-		ObservedGeneration: in.Generation,
-	}
-}
diff --git a/pkg/registry/registry_test.go b/pkg/registry/registry_test.go
diff --git a/pkg/registry/seaweedfs.go b/pkg/registry/seaweedfs.go
@@ -6,10 +6,6 @@ import (
 )
 
 const (
-	// seaweedfsNamespace is the namespace where the Seaweedfs chart is installed.
-	// This namespace is defined in the chart in the release metadata.
-	seaweedfsNamespace = "seaweedfs"
-
 	// seaweedfsLowerBandIPIndex is the index of the seaweedfs service IP in the service CIDR.
 	// HACK: this is shared with the cli and operator as it is used by the registry to redirect requests for blobs.
 	seaweedfsLowerBandIPIndex = 11

diff --git a/pkg/registry/seaweedfsconfig.go b/pkg/registry/seaweedfsconfig.go