From a905b6317baa18fe3a3604b85e0d3ae6e0fa6d0a Mon Sep 17 00:00:00 2001
From: Vaishnavi Hire <vhire@redhat.com>
Date: Wed, 31 Aug 2022 17:00:24 -0400
Subject: [PATCH] Remove outdate profiles component

---
 openshift/example/istio/kustomization.yaml    |  1 +
 .../base/kubeflow-anyuid-scc.yaml             |  2 +-
 .../base/authorization_policy.yaml            |  8 +++++
 .../base/kustomization.yaml                   |  7 ++++
 .../base}/network_attachment.yaml             |  2 +-
 .../overlays/servicemesh/kustomization.yaml   |  0
 .../profiles/base/kustomization.yaml          | 32 -----------------
 .../profiles/base/kustomization.yaml.old      | 34 -------------------
 openshift/openshiftstack/kustomization.yaml   |  4 +--
 9 files changed, 19 insertions(+), 71 deletions(-)
 create mode 100644 openshift/openshiftstack/application/profiles-resources/base/authorization_policy.yaml
 create mode 100644 openshift/openshiftstack/application/profiles-resources/base/kustomization.yaml
 rename openshift/openshiftstack/application/{notebook-controller/base/configs => profiles-resources/base}/network_attachment.yaml (70%)
 rename openshift/openshiftstack/application/{profiles => profiles-resources}/overlays/servicemesh/kustomization.yaml (100%)
 delete mode 100644 openshift/openshiftstack/application/profiles/base/kustomization.yaml
 delete mode 100644 openshift/openshiftstack/application/profiles/base/kustomization.yaml.old

diff --git a/openshift/example/istio/kustomization.yaml b/openshift/example/istio/kustomization.yaml
index 186ae88e82..f953750286 100644
--- a/openshift/example/istio/kustomization.yaml
+++ b/openshift/example/istio/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
   - ../../openshiftstack/application/openshift/openshift-scc/overlays/istio
   - ../../openshiftstack/application/istio-1-1-1-Openshift
   - ../../openshiftstack/application/cert-manager-1.5
+  - ../../openshiftstack/application/profiles-resources/base
   - ../../openshiftstack/application/kfp-tekton/base
   - ../../openshiftstack/application/knative/overlays/istio
   - ../../openshiftstack/application/jupyter-web-app/base
diff --git a/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-anyuid-scc.yaml b/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-anyuid-scc.yaml
index 1327a5bc74..6b8fd1e3d3 100644
--- a/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-anyuid-scc.yaml
+++ b/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-anyuid-scc.yaml
@@ -46,7 +46,7 @@ users:
 - system:serviceaccount:$(NAMESPACE):pipeline-runner
 # Allowing all serviceaccounts in kubeflow to run any uid per istio 1.9 documentation for openshift https://istio.io/latest/docs/setup/platform-setup/openshift/
 - system:serviceaccounts:$(NAMESPACE)
--  system:serviceaccount:kubeflow-user-example-com:default-editor
+- system:serviceaccount:kubeflow-user-example-com:default-editor
 volumes:
 - configMap
 - downwardAPI
diff --git a/openshift/openshiftstack/application/profiles-resources/base/authorization_policy.yaml b/openshift/openshiftstack/application/profiles-resources/base/authorization_policy.yaml
new file mode 100644
index 0000000000..0f5cdc5d4d
--- /dev/null
+++ b/openshift/openshiftstack/application/profiles-resources/base/authorization_policy.yaml
@@ -0,0 +1,8 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: allow-all
+  namespace: kubeflow-user-example-com
+spec:
+ rules:
+ - {}
\ No newline at end of file
diff --git a/openshift/openshiftstack/application/profiles-resources/base/kustomization.yaml b/openshift/openshiftstack/application/profiles-resources/base/kustomization.yaml
new file mode 100644
index 0000000000..993bb4a550
--- /dev/null
+++ b/openshift/openshiftstack/application/profiles-resources/base/kustomization.yaml
@@ -0,0 +1,7 @@
+## profiles component is deployed in openshift/openstack/kustomizaton.yaml
+## This component deploys resources required by profile controller KF 1.6 onwards
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- network_attachment.yaml
+- authorization_policy.yaml
\ No newline at end of file
diff --git a/openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml b/openshift/openshiftstack/application/profiles-resources/base/network_attachment.yaml
similarity index 70%
rename from openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml
rename to openshift/openshiftstack/application/profiles-resources/base/network_attachment.yaml
index f9abe463b1..3cb19663b5 100644
--- a/openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml
+++ b/openshift/openshiftstack/application/profiles-resources/base/network_attachment.yaml
@@ -2,4 +2,4 @@ apiVersion: "k8s.cni.cncf.io/v1"
 kind: NetworkAttachmentDefinition
 metadata:
   name: istio-cni
-  namespace: kubeflow-user-example-com
+  namespace: kubeflow-user-example-com
\ No newline at end of file
diff --git a/openshift/openshiftstack/application/profiles/overlays/servicemesh/kustomization.yaml b/openshift/openshiftstack/application/profiles-resources/overlays/servicemesh/kustomization.yaml
similarity index 100%
rename from openshift/openshiftstack/application/profiles/overlays/servicemesh/kustomization.yaml
rename to openshift/openshiftstack/application/profiles-resources/overlays/servicemesh/kustomization.yaml
diff --git a/openshift/openshiftstack/application/profiles/base/kustomization.yaml b/openshift/openshiftstack/application/profiles/base/kustomization.yaml
deleted file mode 100644
index 1f8b27135f..0000000000
--- a/openshift/openshiftstack/application/profiles/base/kustomization.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kubeflow
-resources:
-- ../../../../profiles/base_v3
-
-configMapGenerator:
-- name: kubeflow-config
-  envs:
-  - ../../config/params.env
-# We need to define vars at the top level otherwise we will get
-# conflicts.
-vars:
-- fieldref:
-    fieldPath: data.clusterDomain
-  name: clusterDomain
-  objref:
-    apiVersion: v1
-    kind: ConfigMap
-    name: kubeflow-config
-- fieldref:
-    fieldPath: metadata.namespace
-  name: namespace
-  objref:
-    apiVersion: networking.istio.io/v1alpha3
-    kind: VirtualService
-    name: kfam
-#This image we created to disable sidecar injection, keeping it out for now
-#images:
-#- name: gcr.io/kubeflow-images-public/profile-controller
-#  newName: quay.io/kubeflow/profile-controller
-#  newTag: v0.7.0
diff --git a/openshift/openshiftstack/application/profiles/base/kustomization.yaml.old b/openshift/openshiftstack/application/profiles/base/kustomization.yaml.old
deleted file mode 100644
index 1a4b7bd83e..0000000000
--- a/openshift/openshiftstack/application/profiles/base/kustomization.yaml.old
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kubeflow
-resources:
-- ../../../../profiles/base_v3
-
-configMapGenerator:
-- name: kubeflow-config
-  envs:
-  - ../../config/params.env
-# We need to define vars at the top level otherwise we will get
-# conflicts.
-vars:
-- fieldref:
-    fieldPath: data.clusterDomain
-  name: clusterDomain
-  objref:
-    apiVersion: v1
-    kind: ConfigMap
-    name: kubeflow-config
-- fieldref:
-    fieldPath: metadata.namespace
-  name: namespace
-  objref:
-    apiVersion: networking.istio.io/v1alpha3
-    kind: VirtualService
-    name: kfam
-#This image we created to disable sidecar injection, we need to fix it to enable istio sidecar containers with fsgrp 1377
-images:
-#- name: gcr.io/kubeflow-images-public/profile-controller
-- name: public.ecr.aws/j1r0q0g6/notebooks/profile-controller
-  newName: quay.io/kubeflow/profile-controller
-#  newTag: v0.7.0
-  newTag: v0.8.0
diff --git a/openshift/openshiftstack/kustomization.yaml b/openshift/openshiftstack/kustomization.yaml
index b6d6afc961..f24ba1be34 100644
--- a/openshift/openshiftstack/kustomization.yaml
+++ b/openshift/openshiftstack/kustomization.yaml
@@ -6,7 +6,7 @@ resources:
   - ../../common/kubeflow-roles/base
 
 # This is here because it needs to install in namespace kubeflow
-#  - application/istio-1-14-OpenShift/network-attachment.yaml
+  - application/istio-1-14-OpenShift/network-attachment.yaml
 
 #Added custom centraldashboard to remove tensorboard
   - application/centraldashboard/base
@@ -27,8 +27,6 @@ resources:
 #Create defualt user
   - ../../common/user-namespace/base
 
-# Create network-attachment for default user namespace
-  - application/notebook-controller/base/configs/network_attachment.yaml
 
 configMapGenerator:
 - name: kubeflow-config