diff --git a/operator/config/manifests/bases/forklift-operator.clusterserviceversion.yaml b/operator/config/manifests/bases/forklift-operator.clusterserviceversion.yaml index c8c4b2033..91300fbd3 100644 --- a/operator/config/manifests/bases/forklift-operator.clusterserviceversion.yaml +++ b/operator/config/manifests/bases/forklift-operator.clusterserviceversion.yaml @@ -18,7 +18,6 @@ metadata: "namespace": "konveyor-forklift" }, "spec": { - "feature_ui": "false", "feature_ui_plugin": "true", "feature_validation": "true", "feature_must_gather_api": "true", diff --git a/operator/config/samples/forklift_v1beta1_forkliftcontroller.yaml b/operator/config/samples/forklift_v1beta1_forkliftcontroller.yaml index bc376db46..d29954ffa 100644 --- a/operator/config/samples/forklift_v1beta1_forkliftcontroller.yaml +++ b/operator/config/samples/forklift_v1beta1_forkliftcontroller.yaml @@ -5,7 +5,6 @@ metadata: name: forklift-controller namespace: ${NAMESPACE} spec: - feature_ui: 'false' feature_ui_plugin: 'true' feature_validation: 'true' feature_must_gather_api: 'true' diff --git a/operator/docs/development.md b/operator/docs/development.md index d06e5b038..047f828e6 100644 --- a/operator/docs/development.md +++ b/operator/docs/development.md @@ -133,7 +133,6 @@ metadata: name: forklift-controller namespace: konveyor-forklift spec: - feature_ui: true feature_validation: true EOF ``` diff --git a/operator/docs/k8s.md b/operator/docs/k8s.md index e47985139..86521f6c7 100644 --- a/operator/docs/k8s.md +++ b/operator/docs/k8s.md @@ -54,7 +54,7 @@ konveyor-forklift-bx8pt 1/1 Running 0 If this looks Ok, then you can proceed to create the forkliftcontroller CR that will install the rest of Forklift components. -### Creating a _ForkliftController_ CR (SSL/TLS disabled) +### Creating a _ForkliftController_ CR ``` $ cat << EOF | kubectl -n konveyor-forklift apply -f - apiVersion: forklift.konveyor.io/v1beta1 @@ -62,25 +62,6 @@ kind: ForkliftController metadata: name: forklift-controller namespace: konveyor-forklift -spec: - feature_ui: false - feature_validation: true - ui_tls_enabled: false -EOF -``` - -### Creating a _ForkliftController_ CR (SSL/TLS disabled) with UI -``` -$ cat << EOF | kubectl -n konveyor-forklift apply -f - -apiVersion: forklift.konveyor.io/v1beta1 -kind: ForkliftController -metadata: - name: forklift-controller - namespace: konveyor-forklift -spec: - feature_ui: true - feature_auth_required: false - feature_validation: true - ui_tls_enabled: false +spec: {} EOF ``` diff --git a/operator/roles/forkliftcontroller/defaults/main.yml b/operator/roles/forkliftcontroller/defaults/main.yml index bf7e994d9..ac791da94 100644 --- a/operator/roles/forkliftcontroller/defaults/main.yml +++ b/operator/roles/forkliftcontroller/defaults/main.yml @@ -3,7 +3,6 @@ app_name: "{{ lookup('env', 'APP_NAME') or 'forklift' }}" app_namespace: "{{ lookup( 'env', 'WATCH_NAMESPACE') or 'konveyor-forklift' }}" # Feature defaults -feature_ui: false feature_ui_plugin: true feature_validation: true feature_must_gather_api: true @@ -66,25 +65,6 @@ validation_issuer_name: "{{ validation_service_name }}-issuer" validation_certificate_name: "{{ validation_service_name }}-certificate" validation_state: absent -ui_image_fqin: "{{ lookup( 'env', 'UI_IMAGE') or lookup( 'env', 'RELATED_IMAGE_UI') }}" -ui_oauth_user_scope: "user:full" -ui_configmap_path: "/etc/forklift-ui" -ui_configmap_name: "{{ ui_service_name }}-config" -ui_service_name: "{{ app_name }}-ui" -ui_deployment_name: "{{ ui_service_name }}" -ui_container_name: "{{ app_name }}-ui" -ui_container_limits_cpu: "100m" -ui_container_limits_memory: "800Mi" -ui_container_requests_cpu: "100m" -ui_container_requests_memory: "150Mi" -ui_tls_secret_name: "{{ ui_service_name }}-serving-cert" -ui_tls_enabled: true -ui_route_name: "virt" -ui_meta_file_name: "meta.json" -ui_node_extra_ca_certs: "/opt/app-root/src/ca.crt" -ui_state: absent -ui_plugin_state: absent - ui_plugin_image_fqin: "{{ lookup( 'env', 'UI_PLUGIN_IMAGE') or lookup( 'env', 'RELATED_IMAGE_UI_PLUGIN') }}" ui_plugin_console_name: "{{ app_name }}-console-plugin" ui_plugin_display_name: "Console plugin for {{ app_name }}" @@ -95,6 +75,7 @@ ui_plugin_container_limits_cpu: "100m" ui_plugin_container_limits_memory: "800Mi" ui_plugin_container_requests_cpu: "100m" ui_plugin_container_requests_memory: "150Mi" +ui_plugin_state: absent api_image_fqin: "{{ lookup( 'env', 'API_IMAGE') or lookup( 'env', 'RELATED_IMAGE_API') }}" api_service_name: "{{ app_name }}-api" diff --git a/operator/roles/forkliftcontroller/tasks/main.yml b/operator/roles/forkliftcontroller/tasks/main.yml index c242cec98..487a276a2 100644 --- a/operator/roles/forkliftcontroller/tasks/main.yml +++ b/operator/roles/forkliftcontroller/tasks/main.yml @@ -1,11 +1,6 @@ --- - block: - - name: "Set UI feature state" - set_fact: - ui_state: "present" - when: feature_ui|bool - - name: "Set UI plugin feature state" set_fact: ui_plugin_state: "present" @@ -169,85 +164,6 @@ state: "{{ must_gather_api_state }}" definition: "{{ lookup('template', 'must-gather-api/deployment-must-gather-api.yml.j2') }}" - # Non-k8s UI tasks - - when: feature_ui|bool and not k8s_cluster|bool - block: - - - name: "Setup UI route" - k8s: - state: "{{ ui_state }}" - definition: "{{ lookup('template', 'ui/route-ui.yml.j2') }}" - - - name: "Obtain UI route" - k8s_info: - api_version: "route.openshift.io/v1" - kind: "Route" - namespace: "{{ app_namespace }}" - name: "{{ ui_route_name }}" - register: route - until: (route.resources|length) > 0 - delay: 10 - retries: 6 - - - name: "Extract UI FQDN from the route" - set_fact: - ui_route_fqdn: "{{ route.resources[0].spec.host }}" - - - name: "Obtain OCP cluster version" - k8s_info: - kind: ClusterVersion - name: version - register: ocp_cv - - - name: "Extract OCP cluster version" - set_fact: - forklift_cluster_version: "{{ ocp_cv | json_query(query) | first }}" - vars: - query: "resources[0].status.history[?state=='Completed'].version" - when: (ocp_cv.resources|length) > 0 - - - name: "Check if UI oauthclient exists already so we don't update it" - k8s_info: - api_version: v1 - kind: OAuthClient - name: "{{ ui_service_name }}" - namespace: "{{ app_namespace }}" - register: ui_oauthclient_status - - - when: (ui_oauthclient_status.resources | length) == 0 - block: - - name: "Generate random secret value for oauth client" - set_fact: - ui_oauth_secret: "{{ 99999999 | random | to_uuid | b64encode }}" - - - name: "Setup UI oauthclient" - k8s: - state: present - definition: "{{ lookup('template', 'ui/oauthclient-ui.yml.j2') }}" - - - name: "Use existing secret value for oauth client" - set_fact: - ui_oauth_secret: "{{ ui_oauthclient_status.resources[0].secret }}" - when: (ui_oauthclient_status.resources | length) > 0 - - - when: feature_ui|bool - block: - - - name: "Setup UI config map" - k8s: - state: "{{ ui_state }}" - definition: "{{ lookup('template', 'ui/configmap-ui.yml.j2') }}" - - - name: "Setup UI service" - k8s: - state: "{{ ui_state }}" - definition: "{{ lookup('template', 'ui/service-ui.yml.j2') }}" - - - name: "Setup UI deployment" - k8s: - state: "{{ ui_state }}" - definition: "{{ lookup('template', 'ui/deployment-ui.yml.j2') }}" - - when: feature_ui_plugin|bool and not k8s_cluster|bool block: @@ -302,15 +218,6 @@ vars: feature_label: "{{ ui_plugin_service_name }}" - - when: not feature_ui|bool - name: "Cleanup {{ ui_service_name }} if disabled" - include_tasks: cleanup.yml - loop: "{{ forklift_resources }}" - loop_control: - loop_var: resource_kind - vars: - feature_label: "{{ ui_service_name }}" - - when: not feature_validation|bool name: "Cleanup {{ validation_service_name }} if disabled" include_tasks: cleanup.yml diff --git a/operator/roles/forkliftcontroller/templates/ui/configmap-ui.yml.j2 b/operator/roles/forkliftcontroller/templates/ui/configmap-ui.yml.j2 deleted file mode 100644 index 1a5d2b047..000000000 --- a/operator/roles/forkliftcontroller/templates/ui/configmap-ui.yml.j2 +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ app_name }} - service: {{ ui_service_name }} - name: "{{ ui_configmap_name }}" - namespace: "{{ app_namespace }}" -data: - "{{ ui_meta_file_name }}": | - { - "namespace": "{{ app_namespace }}", - "configNamespace": "{{ app_namespace }}", - "clusterApi": "https://kubernetes.default.svc.cluster.local", - "inventoryApi": "https://{{ inventory_service_name }}.{{ app_namespace }}.svc.cluster.local:8443", - "mustGatherApi": "https://{{ must_gather_api_service_name }}.{{ app_namespace }}.svc.cluster.local:8443", - "oauth": { -{% if not k8s_cluster|bool %} - "clientId": "{{ ui_service_name }}", -{% if ui_tls_enabled|bool %} - "redirectUrl": "https://{{ ui_route_fqdn }}/login/callback", -{% else %} - "redirectUrl": "http://{{ ui_route_fqdn }}/login/callback", -{% endif %} - "userScope": "{{ ui_oauth_user_scope }}", - "clientSecret": "{{ ui_oauth_secret }}" -{% endif %} - } - } diff --git a/operator/roles/forkliftcontroller/templates/ui/deployment-ui.yml.j2 b/operator/roles/forkliftcontroller/templates/ui/deployment-ui.yml.j2 deleted file mode 100644 index ae4716b74..000000000 --- a/operator/roles/forkliftcontroller/templates/ui/deployment-ui.yml.j2 +++ /dev/null @@ -1,95 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ ui_deployment_name }} - namespace: "{{ app_namespace }}" - labels: - app: {{ app_name }} - service: {{ ui_service_name }} -spec: - selector: - matchLabels: - app: {{ app_name }} - service: {{ ui_service_name }} - template: - metadata: - labels: - app: {{ app_name }} - service: {{ ui_service_name }} - spec: - containers: - - name: {{ ui_container_name }} - image: "{{ ui_image_fqin }}" - imagePullPolicy: "{{ image_pull_policy }}" - env: - - name: AUTH_REQUIRED - value: '{{ feature_auth_required|lower }}' - - name: META_FILE - value: {{ ui_configmap_path }}/{{ ui_meta_file_name }} - - name: NODE_EXTRA_CA_CERTS - value: {{ ui_node_extra_ca_certs }} - - name: FORKLIFT_OPERATOR_VERSION - value: {{ forklift_operator_version }} -{% if k8s_cluster|bool %} - - name: FORKLIFT_CLUSTER_VERSION - value: "{{ k8s_cluster_version }}" -{% else %} - - name: FORKLIFT_CLUSTER_VERSION - value: "{{ forklift_cluster_version }}" -{% endif %} -{% if ui_tls_enabled|bool %} - - name: UI_TLS_ENABLED - value: 'true' - - name: UI_TLS_CERTIFICATE - value: "/var/run/secrets/{{ ui_tls_secret_name }}/tls.crt" - - name: UI_TLS_KEY - value: "/var/run/secrets/{{ ui_tls_secret_name }}/tls.key" -{% else %} - - name: UI_TLS_ENABLED - value: 'false' -{% endif %} - ports: -{% if ui_tls_enabled|bool %} - - containerPort: 8443 -{% else %} - - containerPort: 8080 -{% endif %} - protocol: TCP - resources: - limits: - cpu: {{ ui_container_limits_cpu }} - memory: {{ ui_container_limits_memory }} - requests: - cpu: {{ ui_container_requests_cpu }} - memory: {{ ui_container_requests_memory }} - volumeMounts: - - name: "{{ ui_configmap_name }}" - mountPath: "{{ ui_configmap_path }}" -{% if ui_tls_enabled|bool %} - - name: "{{ ui_tls_secret_name }}" - mountPath: "/var/run/secrets/{{ ui_tls_secret_name }}" -{% endif %} -{% if trusted_ca_enabled is defined and trusted_ca_enabled|bool %} - - name: trusted-ca - mountPath: /etc/pki/ca-trust/extracted/pem - readOnly: true -{% endif %} - volumes: - - name: "{{ ui_configmap_name }}" - configMap: - name: "{{ ui_configmap_name }}" -{% if ui_tls_enabled|bool %} - - name: "{{ ui_tls_secret_name }}" - secret: - defaultMode: 420 - secretName: "{{ ui_tls_secret_name }}" -{% endif %} -{% if trusted_ca_enabled is defined and trusted_ca_enabled|bool %} - - name: trusted-ca - configMap: - name: trusted-ca - items: - - key: ca-bundle.crt - path: tls-ca-bundle.pem -{% endif %} diff --git a/operator/roles/forkliftcontroller/templates/ui/oauthclient-ui.yml.j2 b/operator/roles/forkliftcontroller/templates/ui/oauthclient-ui.yml.j2 deleted file mode 100644 index 48da611af..000000000 --- a/operator/roles/forkliftcontroller/templates/ui/oauthclient-ui.yml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: oauth.openshift.io/v1 -kind: OAuthClient -metadata: - name: {{ ui_service_name }} - namespace: "{{ app_namespace }}" -grantMethod: auto -redirectURIs: -- "https://{{ ui_route_fqdn }}/login/callback" -secret: "{{ ui_oauth_secret }}" diff --git a/operator/roles/forkliftcontroller/templates/ui/route-ui.yml.j2 b/operator/roles/forkliftcontroller/templates/ui/route-ui.yml.j2 deleted file mode 100644 index 7d26e7325..000000000 --- a/operator/roles/forkliftcontroller/templates/ui/route-ui.yml.j2 +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - annotations: - haproxy.router.openshift.io/timeout: 300s - name: "{{ ui_route_name }}" - namespace: "{{ app_namespace }}" - labels: - app: {{ app_name }} - service: {{ ui_service_name }} -spec: - to: - kind: Service - name: {{ ui_service_name }} -{% if ui_tls_enabled|bool %} - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect -{% endif %} diff --git a/operator/roles/forkliftcontroller/templates/ui/service-ui.yml.j2 b/operator/roles/forkliftcontroller/templates/ui/service-ui.yml.j2 deleted file mode 100644 index 555b16fbf..000000000 --- a/operator/roles/forkliftcontroller/templates/ui/service-ui.yml.j2 +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: {{ ui_tls_secret_name }} - name: {{ ui_service_name }} - namespace: "{{ app_namespace }}" - labels: - app: {{ app_name }} - service: {{ ui_service_name }} -spec: - ports: -{% if ui_tls_enabled|bool %} - - name: ui-https - port: 8443 - targetPort: 8443 - protocol: TCP -{% else %} - - name: ui-http - port: 8080 - targetPort: 8080 - protocol: TCP -{% endif %} - selector: - app: {{ app_name }} - service: {{ ui_service_name }}