Remove image list cm and edb config secret during migration (#2448)

bluzarraga · web-flow · commit 6c3e6d26002f · 2025-03-20T05:55:41.000+08:00
* update migration job to cleanup certain edb config resources to prevent helm ownership problems

Signed-off-by: Ben Luzarraga &lt;luzarragaben@gmail.com&gt;

* differentiate operator namespace role

Signed-off-by: Ben Luzarraga &lt;luzarragaben@gmail.com&gt;

* differentiate operator namespace role

Signed-off-by: Ben Luzarraga &lt;luzarragaben@gmail.com&gt;

* differentiate operator namespace role

Signed-off-by: Ben Luzarraga &lt;luzarragaben@gmail.com&gt;

* add secrets to role

Signed-off-by: Ben Luzarraga &lt;luzarragaben@gmail.com&gt;

* remove delete configmap

Signed-off-by: Ben Luzarraga &lt;luzarragaben@gmail.com&gt;

* do not delete edb secret

Signed-off-by: Ben Luzarraga &lt;luzarragaben@gmail.com&gt;

---------

Signed-off-by: Ben Luzarraga &lt;luzarragaben@gmail.com&gt;
diff --git a/bedrock-migration/templates/adopt-cs-cr.yaml b/bedrock-migration/templates/adopt-cs-cr.yaml
@@ -1,4 +1,3 @@
-#not sure this is necessary
 apiVersion: operator.ibm.com/v3
 kind: CommonService
 metadata:
diff --git a/bedrock-migration/templates/bedrock-migration-job.yaml b/bedrock-migration/templates/bedrock-migration-job.yaml
@@ -84,6 +84,9 @@ spec:
               oc delete --ignore-not-found csv $edbCSV -n $operatorNamespace && oc delete --ignore-not-found subscription.operators.coreos.com $edbSub -n $operatorNamespace
             fi
 
+            echo "Deleting EDB config resources in namespace $operatorNamespace to be regenerated after migration..."
+            oc delete configmap cloud-native-postgresql-image-list --ignore-not-found -n $operatorNamespace
+
             echo "Deleting IM, UI, and EDB ServiceAccounts and Jobs in operator namespace $operatorNamespace and services namespace $servicesNamespace..."
             oc delete --ignore-not-found sa postgresql-operator-manager edb-license-sa -n $operatorNamespace
             oc delete --ignore-not-found sa ibm-iam-operand-restricted ibm-commonui-operand common-service-db -n $servicesNamespace
diff --git a/bedrock-migration/templates/rbac.yaml b/bedrock-migration/templates/rbac.yaml
@@ -10,7 +10,7 @@ metadata:
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: bedrock-migration-job-role
+  name: bedrock-migration-job-role-{{ .Values.global.operatorNamespace }}
   namespace: {{ .Values.global.operatorNamespace }}
   annotations:
     "helm.sh/hook": pre-install
@@ -39,6 +39,7 @@ rules:
   resources:
   - configmaps
   - serviceaccounts
+  - secrets
   verbs:
   - list
   - get
@@ -64,7 +65,7 @@ rules:
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: bedrock-migration-job-rb
+  name: bedrock-migration-job-rb-{{ .Values.global.operatorNamespace }}
   namespace: {{ .Values.global.operatorNamespace }}
   annotations:
     "helm.sh/hook": pre-install
@@ -76,7 +77,7 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: bedrock-migration-job-role
+  name: bedrock-migration-job-role-{{ .Values.global.operatorNamespace }}
 {{- $watchNamespaces := .Values.global.tetheredNamespaces | default list -}}
 {{- if .Values.global.instanceNamespace -}}
 {{- $watchNamespaces = append $watchNamespaces .Values.global.instanceNamespace -}}

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-#not sure this is necessary`
`2`	`1`	`apiVersion: operator.ibm.com/v3`
`3`	`2`	`kind: CommonService`
`4`	`3`	`metadata:`