Bug 1881703: Revert https://github.com/openshift/machine-config-operator/pull/1792

cmd/machine-config-operator/start.go

@@ -74,7 +74,6 @@ func runStartCmd(cmd *cobra.Command, args []string) {
 			ctrlctx.ClientBuilder.APIExtClientOrDie(componentName),
 			ctrlctx.ClientBuilder.ConfigClientOrDie(componentName),
 			ctrlctx.OpenShiftKubeAPIServerKubeNamespacedInformerFactory.Core().V1().ConfigMaps(),
-			ctrlctx.KubeMAOSharedInformer.Core().V1().Secrets(),
 		)
 
 		ctrlctx.NamespacedInformerFactory.Start(ctrlctx.Stop)
@@ -84,7 +83,6 @@ func runStartCmd(cmd *cobra.Command, args []string) {
 		ctrlctx.ConfigInformerFactory.Start(ctrlctx.Stop)
 		ctrlctx.OpenShiftKubeAPIServerKubeNamespacedInformerFactory.Start(ctrlctx.Stop)
 		ctrlctx.OperatorInformerFactory.Start(ctrlctx.Stop)
-		ctrlctx.KubeMAOSharedInformer.Start(ctrlctx.Stop)
 		close(ctrlctx.InformersStarted)
 
 		go controller.Run(2, ctrlctx.Stop)

pkg/controller/common/controller_context.go

@@ -42,7 +42,6 @@ type ControllerContext struct {
 	APIExtInformerFactory                               apiextinformers.SharedInformerFactory
 	ConfigInformerFactory                               configinformers.SharedInformerFactory
 	OperatorInformerFactory                             operatorinformers.SharedInformerFactory
-	KubeMAOSharedInformer                               informers.SharedInformerFactory
 
 	AvailableResources map[schema.GroupVersionResource]bool
 
@@ -72,8 +71,6 @@ func CreateControllerContext(cb *clients.Builder, stop <-chan struct{}, targetNa
 			opt.FieldSelector = fields.OneTermEqualSelector("metadata.name", "kube-apiserver-to-kubelet-client-ca").String()
 		},
 	)
-	// this is needed to listen for changes in MAO user data secrets to re-apply the ones we define in the MCO (since we manage them)
-	kubeMAOSharedInformer := informers.NewFilteredSharedInformerFactory(kubeClient, resyncPeriod()(), "openshift-machine-api", nil)
 
 	// filter out CRDs that do not have the MCO label
 	assignFilterLabels := func(opts *metav1.ListOptions) {
@@ -103,6 +100,5 @@ func CreateControllerContext(cb *clients.Builder, stop <-chan struct{}, targetNa
 		Stop:                                                stop,
 		InformersStarted:                                    make(chan struct{}),
 		ResyncPeriod:                                        resyncPeriod(),
-		KubeMAOSharedInformer:                               kubeMAOSharedInformer,
 	}
 }

pkg/controller/common/helpers.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"io/ioutil"
-	"net/url"
 	"reflect"
 	"sort"
 
@@ -26,7 +25,6 @@ import (
 	"github.com/ghodss/yaml"
 	"github.com/golang/glog"
 	"github.com/pkg/errors"
-	"github.com/vincent-petithory/dataurl"
 	kerr "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -129,40 +127,6 @@ func MergeMachineConfigs(configs []*mcfgv1.MachineConfig, osImageURL string) (*m
 	}, nil
 }
 
-// PointerConfig generates the stub ignition for the machine to boot properly
-// NOTE: If you change this, you also need to change the pointer configuration in openshift/installer, see
-// https://github.com/openshift/installer/blob/master/pkg/asset/ignition/machine/node.go#L20
-func PointerConfig(ignitionHost string, rootCA []byte) (ign3types.Config, error) {
-	configSourceURL := &url.URL{
-		Scheme: "https",
-		Host:   ignitionHost,
-		Path:   "/config/{{.Role}}",
-	}
-	// we do decoding here as curly brackets are escaped to %7B and breaks golang's templates
-	ignitionHostTmpl, err := url.QueryUnescape(configSourceURL.String())
-	if err != nil {
-		return ign3types.Config{}, err
-	}
-	CASource := dataurl.EncodeBytes(rootCA)
-	return ign3types.Config{
-		Ignition: ign3types.Ignition{
-			Version: ign3types.MaxVersion.String(),
-			Config: ign3types.IgnitionConfig{
-				Merge: []ign3types.Resource{{
-					Source: &ignitionHostTmpl,
-				}},
-			},
-			Security: ign3types.Security{
-				TLS: ign3types.TLS{
-					CertificateAuthorities: []ign3types.Resource{{
-						Source: &CASource,
-					}},
-				},
-			},
-		},
-	}, nil
-}
-
 // NewIgnConfig returns an empty ignition config with version set as latest version
 func NewIgnConfig() ign3types.Config {
 	return ign3types.Config{

pkg/operator/bootstrap.go

@@ -143,7 +143,7 @@ func RenderBootstrap(
 		templatectrl.BaremetalRuntimeCfgKey: imgs.BaremetalRuntimeCfg,
 	}
 
-	config := getRenderConfig("", string(filesData[kubeAPIServerServingCA]), spec, &imgs.RenderConfigImages, infra.Status.APIServerInternalURL, nil)
+	config := getRenderConfig("", string(filesData[kubeAPIServerServingCA]), spec, &imgs.RenderConfigImages, infra.Status.APIServerInternalURL)
 
 	manifests := []manifest{
 		{

pkg/operator/operator.go

@@ -97,7 +97,6 @@ type Operator struct {
 	clusterRoleBindingInformerSynced cache.InformerSynced
 	proxyListerSynced                cache.InformerSynced
 	oseKubeAPIListerSynced           cache.InformerSynced
-	maoSecretInformerSynced          cache.InformerSynced
 
 	// queue only ever has one item, but it has nice error handling backoff/retry semantics
 	queue workqueue.RateLimitingInterface
@@ -129,7 +128,6 @@ func New(
 	apiExtClient apiextclientset.Interface,
 	configClient configclientset.Interface,
 	oseKubeAPIInformer coreinformersv1.ConfigMapInformer,
-	maoSecretInformer coreinformersv1.SecretInformer,
 ) *Operator {
 	eventBroadcaster := record.NewBroadcaster()
 	eventBroadcaster.StartLogging(glog.Infof)
@@ -162,7 +160,6 @@ func New(
 		mcpInformer.Informer(),
 		proxyInformer.Informer(),
 		oseKubeAPIInformer.Informer(),
-		maoSecretInformer.Informer(),
 	} {
 		i.AddEventHandler(optr.eventHandler())
 	}
@@ -182,7 +179,6 @@ func New(
 	optr.oseKubeAPILister = oseKubeAPIInformer.Lister()
 	optr.oseKubeAPIListerSynced = oseKubeAPIInformer.Informer().HasSynced
 
-	optr.maoSecretInformerSynced = maoSecretInformer.Informer().HasSynced
 	optr.serviceAccountInformerSynced = serviceAccountInfomer.Informer().HasSynced
 	optr.clusterRoleInformerSynced = clusterRoleInformer.Informer().HasSynced
 	optr.clusterRoleBindingInformerSynced = clusterRoleBindingInformer.Informer().HasSynced
@@ -229,7 +225,6 @@ func (optr *Operator) Run(workers int, stopCh <-chan struct{}) {
 		optr.clusterCmListerSynced,
 		optr.serviceAccountInformerSynced,
 		optr.clusterRoleInformerSynced,
-		optr.maoSecretInformerSynced,
 		optr.clusterRoleBindingInformerSynced,
 		optr.networkListerSynced,
 		optr.proxyListerSynced,

pkg/operator/render.go

@@ -28,10 +28,9 @@ type renderConfig struct {
 	Images                 *RenderConfigImages
 	KubeAPIServerServingCA string
 	Infra                  configv1.Infrastructure
-	PointerConfig          string
 }
 
-func renderAsset(config interface{}, path string) ([]byte, error) {
+func renderAsset(config *renderConfig, path string) ([]byte, error) {
 	objBytes, err := assets.Asset(path)
 	if err != nil {
 		return nil, fmt.Errorf("error getting asset %s: %v", path, err)

pkg/operator/sync.go

@@ -1,19 +1,14 @@
 package operator
 
 import (
-	"bytes"
 	"context"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
 	"io/ioutil"
-	"net"
-	"net/url"
-	"strconv"
 	"strings"
-	"text/template"
 	"time"
 
 	"github.com/golang/glog"
@@ -24,20 +19,15 @@ import (
 	apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/tools/cache"
 
 	configv1 "github.com/openshift/api/config/v1"
-	libgoevents "github.com/openshift/library-go/pkg/operator/events"
-	libgoresapply "github.com/openshift/library-go/pkg/operator/resource/resourceapply"
 	"github.com/openshift/machine-config-operator/lib/resourceapply"
 	"github.com/openshift/machine-config-operator/lib/resourceread"
 	mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
-	ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common"
 	templatectrl "github.com/openshift/machine-config-operator/pkg/controller/template"
 	"github.com/openshift/machine-config-operator/pkg/operator/assets"
-	"github.com/openshift/machine-config-operator/pkg/server"
 	"github.com/openshift/machine-config-operator/pkg/version"
 )
 
@@ -279,51 +269,11 @@ func (optr *Operator) syncRenderConfig(_ *renderConfig) error {
 		templatectrl.BaremetalRuntimeCfgKey: imgs.BaremetalRuntimeCfg,
 	}
 
-	ignitionHost, err := getIgnitionHost(&infra.Status)
-	if err != nil {
-		return err
-	}
-
-	pointerConfig, err := ctrlcommon.PointerConfig(ignitionHost, rootCA)
-	if err != nil {
-		return err
-	}
-	pointerConfigData, err := json.Marshal(pointerConfig)
-	if err != nil {
-		return err
-	}
-
 	// create renderConfig
-	optr.renderConfig = getRenderConfig(optr.namespace, string(kubeAPIServerServingCABytes), spec, &imgs.RenderConfigImages, infra.Status.APIServerInternalURL, pointerConfigData)
+	optr.renderConfig = getRenderConfig(optr.namespace, string(kubeAPIServerServingCABytes), spec, &imgs.RenderConfigImages, infra.Status.APIServerInternalURL)
 	return nil
 }
 
-func getIgnitionHost(infraStatus *configv1.InfrastructureStatus) (string, error) {
-	internalURL := infraStatus.APIServerInternalURL
-	internalURLParsed, err := url.Parse(internalURL)
-	if err != nil {
-		return "", err
-	}
-	securePortStr := strconv.Itoa(server.SecurePort)
-	ignitionHost := fmt.Sprintf("%s:%s", internalURLParsed.Hostname(), securePortStr)
-	if infraStatus.PlatformStatus != nil {
-		switch infraStatus.PlatformStatus.Type {
-		case configv1.BareMetalPlatformType:
-			ignitionHost = net.JoinHostPort(infraStatus.PlatformStatus.BareMetal.APIServerInternalIP, securePortStr)
-		case configv1.OpenStackPlatformType:
-			ignitionHost = net.JoinHostPort(infraStatus.PlatformStatus.OpenStack.APIServerInternalIP, securePortStr)
-		case configv1.OvirtPlatformType:
-			ignitionHost = net.JoinHostPort(infraStatus.PlatformStatus.Ovirt.APIServerInternalIP, securePortStr)
-		case configv1.VSpherePlatformType:
-			if infraStatus.PlatformStatus.VSphere != nil && infraStatus.PlatformStatus.VSphere.APIServerInternalIP != "" {
-				ignitionHost = net.JoinHostPort(infraStatus.PlatformStatus.VSphere.APIServerInternalIP, securePortStr)
-			}
-		}
-	}
-
-	return ignitionHost, nil
-}
-
 func (optr *Operator) syncCustomResourceDefinitions() error {
 	crds := []string{
 		"manifests/controllerconfig.crd.yaml",
@@ -367,32 +317,6 @@ func (optr *Operator) syncMachineConfigPools(config *renderConfig) error {
 		}
 	}
 
-	userDataTemplate := "manifests/userdata_secret.yaml"
-	pools, err := optr.mcpLister.List(labels.Everything())
-	if err != nil {
-		return err
-	}
-	// base64.StdEncoding.EncodeToString
-	for _, pool := range pools {
-		pointerConfigTmpl, err := template.New("pointer-config").Parse(config.PointerConfig)
-		if err != nil {
-			return err
-		}
-		pointerConfigData := new(bytes.Buffer)
-		if err := pointerConfigTmpl.Execute(pointerConfigData, struct{ Role string }{pool.Name}); err != nil {
-			return err
-		}
-		userdataBytes, err := renderAsset(struct{ Role, PointerConfig string }{pool.Name, base64.StdEncoding.EncodeToString(pointerConfigData.Bytes())}, userDataTemplate)
-		if err != nil {
-			return err
-		}
-		p := resourceread.ReadSecretV1OrDie(userdataBytes)
-		_, _, err = libgoresapply.ApplySecret(optr.kubeClient.CoreV1(), libgoevents.NewLoggingEventRecorder("machine-config-operator"), p)
-		if err != nil {
-			return err
-		}
-	}
-
 	return nil
 }
 
@@ -878,15 +802,14 @@ func (optr *Operator) getGlobalConfig() (*configv1.Infrastructure, *configv1.Net
 	return infra, network, proxy, nil
 }
 
-func getRenderConfig(tnamespace, kubeAPIServerServingCA string, ccSpec *mcfgv1.ControllerConfigSpec, imgs *RenderConfigImages, apiServerURL string, pointerConfigData []byte) *renderConfig {
+func getRenderConfig(tnamespace, kubeAPIServerServingCA string, ccSpec *mcfgv1.ControllerConfigSpec, imgs *RenderConfigImages, apiServerURL string) *renderConfig {
 	return &renderConfig{
 		TargetNamespace:        tnamespace,
 		Version:                version.Raw,
 		ControllerConfig:       *ccSpec,
 		Images:                 imgs,
 		APIServerURL:           apiServerURL,
 		KubeAPIServerServingCA: kubeAPIServerServingCA,
-		PointerConfig:          string(pointerConfigData),
 	}
 }