Change to go full knative with the operator

Signed-off-by: gabriel-farache <[email protected]>
parodos-dev · Jul 23, 2024 · 86e80b8 · 86e80b8
1 parent 43689c6
commit 86e80b8
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 40 deletions.
diff --git a/charts/move2kube/INSTALL.md b/charts/move2kube/INSTALL.md
@@ -22,8 +22,13 @@ We need to use `initContainers` and `securityContext` in our Knative services to
 ```
 ### For move2kube instance
 Also, `move2kube` instance runs as root so we need to allow the `default` service account to use `runAsUser`:
+To know which scc is to be set to the default service account, run:
 ```console
-oc -n ${TARGET_NS} adm policy add-scc-to-user anyuid -z default
+oc get deployments.apps m2k-save-transformation-func-v1-deployment -oyaml | oc adm policy scc-subject-review --filename -
+```
+Then copy the `ALLOWED BY` value and use it in the following command:
+```console
+oc -n ${TARGET_NS} adm policy add-scc-to-user <ALLOWED BY> -z default
 ```
 
 Create the secret that holds the ssh keys:
@@ -61,7 +66,7 @@ oc -n ${TARGET_NS} delete ksvc m2k-save-transformation-func &&
 Run the following to set `K_SINK` and `MOVE2KUBE_URL` environment variable in the workflow:
 ```console
 BROKER_URL=$(oc -n ${TARGET_NS} get broker -o yaml | yq -r .items[0].status.address.url)
-oc -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "K_SINK", "value": "'${BROKER_URL}'"}, {"name": "MOVE2KUBE_URL", "value": "https://'${M2K_ROUTE}'"}]}}}}'
+oc -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "MOVE2KUBE_URL", "value": "https://'${M2K_ROUTE}'"}]}}}}'
 ```
 
 ### Edit the `${WORKFLOW_NAME}-creds` Secret

diff --git a/charts/move2kube/templates/03-knative-resources.yaml b/charts/move2kube/templates/03-knative-resources.yaml
@@ -7,41 +7,6 @@ data:
     Host *
         StrictHostKeyChecking no
 ---
-apiVersion: eventing.knative.dev/v1
-kind: Trigger
-metadata:
-  name: error-trigger-{{ .Values.workflow.name }}
-spec:
-  broker: {{ .Values.brokerName }}
-  filter:
-    attributes:
-      type: error
-  subscriber:
-    ref:
-      apiVersion: v1
-      kind: Service
-      name: {{ .Values.workflow.name }}
----
-apiVersion: eventing.knative.dev/v1
-kind: Trigger
-metadata:
-  name: transformation-saved-trigger-{{ .Values.workflow.name }}
-spec:
-  broker: {{ .Values.brokerName }}
-  filter:
-    attributes:
-      type: transformation_saved
-  subscriber:
-    ref:
-      apiVersion: v1
-      kind: Service
-      name: {{ .Values.workflow.name }}
----
-apiVersion: eventing.knative.dev/v1
-kind: Broker
-metadata:
-  name: {{ .Values.brokerName }}
----
 apiVersion: serving.knative.dev/v1
 kind: Service
 metadata:
@@ -57,7 +22,6 @@ spec:
           securityContext:
             runAsUser: 0
             allowPrivilegeEscalation: true
-          securityContext:
           command: [ "sh", "-c", "cp /tmp/.ssh/id_rsa /etc/pre-install/. && chown 185 /etc/pre-install/id_rsa" ]
           volumeMounts:
             - name: ssh-priv-key

diff --git a/charts/move2kube/values.yaml b/charts/move2kube/values.yaml
@@ -1,6 +1,5 @@
 sshSecretName: sshkeys # name of the secret holding the ssh keys that will be used by move2kube resources
-brokerName: default # name of the broker used by Knative eventing resources
-brokerURL: http://broker-ingress.knative-eventing.svc.cluster.local/sonataflow-infra/default
+brokerName: kafka-broker # name of the broker used by Knative eventing resources
 workflow:
   name: m2k # name of the workflow
   move2kubeURL: https://move2kube-route-sonataflow-infra.apps.cluster-8xfw.redhatworkshops.io # URL for move2kube instance