From 7af1f9093124f049a46b9ece180ee3d645d48ef9 Mon Sep 17 00:00:00 2001 From: Ugo Giordano Date: Wed, 18 Dec 2024 11:45:42 +0100 Subject: [PATCH] Removed Notebook ServiceAccount from default RoleBinding granting anyuid SCC. --- .../components/workbenches/workbenches_controller.go | 2 -- .../components/workbenches/workbenches_support.go | 10 ---------- 2 files changed, 12 deletions(-) diff --git a/controllers/components/workbenches/workbenches_controller.go b/controllers/components/workbenches/workbenches_controller.go index 6eb7a099cec..0a790c2ab81 100644 --- a/controllers/components/workbenches/workbenches_controller.go +++ b/controllers/components/workbenches/workbenches_controller.go @@ -30,7 +30,6 @@ import ( "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/deploy" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/gc" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/render/kustomize" - "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/security" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/updatestatus" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/handlers" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/predicates/component" @@ -62,7 +61,6 @@ func (s *componentHandler) NewComponentReconciler(ctx context.Context, mgr ctrl. WithAction(initialize). WithAction(devFlags). WithAction(configureDependencies). - WithAction(security.NewUpdatePodSecurityRoleBindingAction(serviceAccounts)). WithAction(kustomize.NewAction( kustomize.WithCache(), kustomize.WithLabel(labels.ODH.Component(LegacyComponentName), labels.True), diff --git a/controllers/components/workbenches/workbenches_support.go b/controllers/components/workbenches/workbenches_support.go index 05650806330..1324a82a5fa 100644 --- a/controllers/components/workbenches/workbenches_support.go +++ b/controllers/components/workbenches/workbenches_support.go @@ -4,7 +4,6 @@ import ( "path" componentApi "github.com/opendatahub-io/opendatahub-operator/v2/apis/components/v1alpha1" - "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster" odhtypes "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/types" odhdeploy "github.com/opendatahub-io/opendatahub-operator/v2/pkg/deploy" ) @@ -21,8 +20,6 @@ const ( kfNotebookControllerPath = "kf-notebook-controller" kfNotebookControllerManifestSourcePath = "overlays/openshift" - nbcServiceAccountName = "notebook-controller-service-account" - // LegacyComponentName is the name of the component that is assigned to deployments // via Kustomize. Since a deployment selector is immutable, we can't upgrade existing // deployment to the new component name, so keep it around till we figure out a solution. @@ -33,13 +30,6 @@ var ( notebookControllerContextDir = path.Join(ComponentName, notebookControllerPath) kfNotebookControllerContextDir = path.Join(ComponentName, kfNotebookControllerPath) notebookContextDir = path.Join(ComponentName, notebooksPath) - - serviceAccounts = map[cluster.Platform][]string{ - cluster.SelfManagedRhoai: {nbcServiceAccountName}, - cluster.ManagedRhoai: {nbcServiceAccountName}, - cluster.OpenDataHub: {nbcServiceAccountName}, - cluster.Unknown: {nbcServiceAccountName}, - } ) // manifests for nbc in ODH and RHOAI + downstream use it for imageparams.