Revert "OSD-24275: Validate machineCIDR is contained in default ingresscontro…"

Author: tnierman

build/resources.go

@@ -32,9 +32,6 @@ const (
 	roleName           string = "validation-webhook"
 	prometheusRoleName string = "prometheus-k8s"
 	repoName           string = "managed-cluster-validating-webhooks"
-	// Role and Binding for reading cluster-config-v1 config map...
-	clusterConfigRole        string = "config-v1-reader-wh"
-	clusterConfigRoleBinding string = "validation-webhook-cluster-config-v1-reader"
 	// Used to define what phase a resource should be deployed in by package-operator
 	pkoPhaseAnnotation string = "package-operator.run/phase"
 	// Defines the 'rbac' package-operator phase for any resources related to RBAC
@@ -214,60 +211,6 @@ func createClusterRoleBinding() *rbacv1.ClusterRoleBinding {
 	}
 }
 
-func createClusterConfigRole() *rbacv1.Role {
-	return &rbacv1.Role{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       "Role",
-			APIVersion: rbacv1.SchemeGroupVersion.String(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      clusterConfigRole,
-			Namespace: "kube-system",
-		},
-		Rules: []rbacv1.PolicyRule{
-			{
-				APIGroups: []string{
-					"",
-				},
-				Resources: []string{
-					"configmaps",
-				},
-				Verbs: []string{
-					"get",
-				},
-				ResourceNames: []string{
-					"cluster-config-v1",
-				},
-			},
-		},
-	}
-}
-
-func createClusterConfigRoleBinding() *rbacv1.RoleBinding {
-	return &rbacv1.RoleBinding{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       "RoleBinding",
-			APIVersion: rbacv1.SchemeGroupVersion.String(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      clusterConfigRoleBinding,
-			Namespace: "kube-system",
-		},
-		Subjects: []rbacv1.Subject{
-			{
-				Kind:      "ServiceAccount",
-				Name:      serviceAccountName,
-				Namespace: *namespace,
-			},
-		},
-		RoleRef: rbacv1.RoleRef{
-			Name:     clusterConfigRole,
-			Kind:     "Role",
-			APIGroup: rbacv1.GroupName,
-		},
-	}
-}
-
 func createPrometheusRole() *rbacv1.Role {
 	return &rbacv1.Role{
 		TypeMeta: metav1.TypeMeta{
@@ -884,7 +827,6 @@ func sliceContains(needle string, haystack []string) bool {
 
 func main() {
 	flag.Parse()
-	utils.BuildRun = true
 
 	skip := strings.Split(*excludes, ",")
 	onlyInclude := strings.Split(*only, "")
@@ -909,8 +851,6 @@ func main() {
 		templateResources.Add(utils.DefaultLabelSelector(), runtime.RawExtension{Object: createClusterRoleBinding()})
 		templateResources.Add(utils.DefaultLabelSelector(), runtime.RawExtension{Object: createPrometheusRole()})
 		templateResources.Add(utils.DefaultLabelSelector(), runtime.RawExtension{Object: createPromethusRoleBinding()})
-		templateResources.Add(utils.DefaultLabelSelector(), runtime.RawExtension{Object: createClusterConfigRole()})
-		templateResources.Add(utils.DefaultLabelSelector(), runtime.RawExtension{Object: createClusterConfigRoleBinding()})
 		templateResources.Add(utils.DefaultLabelSelector(), runtime.RawExtension{Object: createServiceMonitor()})
 		templateResources.Add(utils.DefaultLabelSelector(), runtime.RawExtension{Object: createCACertConfigMap()})
 		templateResources.Add(utils.DefaultLabelSelector(), runtime.RawExtension{Object: createService()})

build/selectorsyncset.yaml

@@ -123,35 +123,6 @@ objects:
       - kind: ServiceAccount
         name: prometheus-k8s
         namespace: openshift-monitoring
-    - apiVersion: rbac.authorization.k8s.io/v1
-      kind: Role
-      metadata:
-        creationTimestamp: null
-        name: config-v1-reader-wh
-        namespace: kube-system
-      rules:
-      - apiGroups:
-        - ""
-        resourceNames:
-        - cluster-config-v1
-        resources:
-        - configmaps
-        verbs:
-        - get
-    - apiVersion: rbac.authorization.k8s.io/v1
-      kind: RoleBinding
-      metadata:
-        creationTimestamp: null
-        name: validation-webhook-cluster-config-v1-reader
-        namespace: kube-system
-      roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: config-v1-reader-wh
-      subjects:
-      - kind: ServiceAccount
-        name: validation-webhook
-        namespace: openshift-validation-webhook
     - apiVersion: monitoring.coreos.com/v1
       kind: ServiceMonitor
       metadata:

cmd/main.go

@@ -21,15 +21,14 @@ import (
 	"github.com/openshift/managed-cluster-validating-webhooks/pkg/k8sutil"
 	"github.com/openshift/managed-cluster-validating-webhooks/pkg/localmetrics"
 	"github.com/openshift/managed-cluster-validating-webhooks/pkg/webhooks"
-	"github.com/openshift/managed-cluster-validating-webhooks/pkg/webhooks/utils"
 )
 
 var log = logf.Log.WithName("handler")
 
 var (
 	listenAddress = flag.String("listen", "0.0.0.0", "listen address")
 	listenPort    = flag.String("port", "5000", "port to listen on")
-	metricsAddr   string
+	testHooks     = flag.Bool("testhooks", false, "Test webhook URI uniqueness and quit?")
 
 	useTLS  = flag.Bool("tls", false, "Use TLS? Must specify -tlskey, -tlscert, -cacert")
 	tlsKey  = flag.String("tlskey", "", "TLS Key for TLS")
@@ -40,18 +39,15 @@ var (
 	metricsPort = "8080"
 )
 
-func init() {
-	// Allow export webhook var to share flag value...
-	flag.BoolVar(&utils.TestHooks, "testhooks", false, "Test webhook URI uniqueness and quit?")
+func main() {
+	var metricsAddr string
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":"+metricsPort, "The address the metric endpoint binds to.")
 	flag.Parse()
-}
-
-func main() {
 	klog.SetOutput(os.Stdout)
+
 	logf.SetLogger(klogr.New())
 
-	if !utils.TestHooks {
+	if !*testHooks {
 		log.Info("HTTP server running at", "listen", net.JoinHostPort(*listenAddress, *listenPort))
 	}
 	dispatcher := dispatcher.NewDispatcher(webhooks.Webhooks)
@@ -62,12 +58,12 @@ func main() {
 			panic(fmt.Errorf("Duplicate webhook trying to listen on %s", realHook.GetURI()))
 		}
 		seen[name] = true
-		if !utils.TestHooks {
+		if !*testHooks {
 			log.Info("Listening", "webhookName", name, "URI", realHook.GetURI())
 		}
 		http.HandleFunc(realHook.GetURI(), dispatcher.HandleRequest)
 	}
-	if utils.TestHooks {
+	if *testHooks {
 		os.Exit(0)
 	}
 

go.mod

@@ -57,7 +57,6 @@ require (
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87 // indirect
 	github.com/openshift/elasticsearch-operator v0.0.0-20220613183908-e1648e67c298 // indirect
-	github.com/openshift/installer v0.16.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.59.1 // indirect

go.sum

@@ -187,8 +187,6 @@ github.com/openshift/elasticsearch-operator v0.0.0-20220613183908-e1648e67c298 h
 github.com/openshift/elasticsearch-operator v0.0.0-20220613183908-e1648e67c298/go.mod h1:6dxhWPY3Wr/0b0eGrFpV7gcyeS+ne48Mo9OQ9dxrLNI=
 github.com/openshift/hive/apis v0.0.0-20230327212335-7fd70848a6d5 h1:adHXZ1WFqCvXpargpTa6divneeUuvV2xr/D6NWgbqS8=
 github.com/openshift/hive/apis v0.0.0-20230327212335-7fd70848a6d5/go.mod h1:VIxA5HhvBmsqVn7aUVQYs004B9K4U5A+HrFwvRq2nK8=
-github.com/openshift/installer v0.16.1 h1:PmjALN9x1NVNVi3SCqfz0ZwVCgOkQLQWo2nHYXREq/A=
-github.com/openshift/installer v0.16.1/go.mod h1:VWGgpJgF8DGCKQjbccnigglhZnHtRLCZ6cxqkXN4Ck0=
 github.com/openshift/operator-custom-metrics v0.5.1 h1:1pk4YMUV+cmqfV0f2fyxY62cl7Gc76kwudJT+EdcfYM=
 github.com/openshift/operator-custom-metrics v0.5.1/go.mod h1:0dYDHi/ubKRWzsC9MmW6bRMdBgo1QSOuAh3GupTe0Sw=
 github.com/openshift/osde2e-common v0.0.0-20231010150014-8a4449a371e6 h1:MPcnO0eeWEyjLBA4mMgJ8pv8u7DjKC7yS+a39R+zhqs=