Remove PKO UAMI, not requried

janboll · janboll · commit 575c0c1b9754 · 2025-01-20T10:30:03.000+01:00
diff --git a/dev-infrastructure/templates/mgmt-cluster.bicep b/dev-infrastructure/templates/mgmt-cluster.bicep
@@ -107,11 +107,6 @@ module mgmtCluster '../modules/aks-cluster-base.bicep' = {
         namespace: 'maestro'
         serviceAccountName: 'maestro'
       }
-      package_operator: {
-        uamiName: 'package-operator'
-        namespace: 'package-operator-system'
-        serviceAccountName: 'package-operator'
-      }
     })
     aksKeyVaultName: aksKeyVaultName
     acrPullResourceGroups: acrPullResourceGroups
diff --git a/pko/Makefile b/pko/Makefile
@@ -8,14 +8,6 @@ ARO_HCP_IMAGE_REPOSITORY ?= package-operator/package-operator-package
 
 deploy:
 	@kubectl create namespace ${NAMESPACE} --dry-run=client -o json | kubectl apply -f -
-	PKO_MI_CLIENT_ID=$$(az identity show \
-			-g ${RESOURCEGROUP} \
-			-n package-operator \
-			--query clientId -o tsv) && \
-	PKO_MI_TENANT_ID=$$(az identity show \
-			-g ${RESOURCEGROUP} \
-			-n package-operator \
-			--query tenantId -o tsv) && \
 	IMAGE_PULLER_MI_CLIENT_ID=$$(az identity show \
 			-g ${RESOURCEGROUP} \
 			-n image-puller \
@@ -32,9 +24,7 @@ deploy:
 	--set pullBinding.workloadIdentityClientId="$${IMAGE_PULLER_MI_CLIENT_ID}" \
 	--set pullBinding.workloadIdentityTenantId="$${IMAGE_PULLER_MI_TENANT_ID}" \
 	--set pullBinding.registry=${ARO_HCP_IMAGE_REGISTRY} \
-	--set pullBinding.scope='repository:*:pull' \
-	--set serviceAccount.workloadIdentityClientId="$${PKO_MI_CLIENT_ID}" \
-	--set serviceAccount.workloadIdentityTenantId="$${PKO_MI_CLIENT_ID}"
+	--set pullBinding.scope='repository:*:pull' 
 
 image:
 	az acr login --name ${ARO_HCP_IMAGE_ACR} && \
diff --git a/pko/helm/templates/serviceaccount.yaml b/pko/helm/templates/serviceaccount.yaml
@@ -3,8 +3,5 @@ kind: ServiceAccount
 metadata:
   name: package-operator
   namespace: package-operator-system
-  annotations:
-    azure.workload.identity/client-id: '{{ .Values.serviceAccount.workloadIdentityClientId }}'
-    azure.workload.identity/tenant-id: '{{ .Values.serviceAccount.workloadIdentityTenantId }}'
   labels:
     package-operator.run/cache: "True"
diff --git a/pko/helm/values.yaml b/pko/helm/values.yaml
@@ -6,6 +6,3 @@ pullBinding:
   scope: ""
   workloadIdentityClientId: ""
   workloadIdentityTenantId: ""
-serviceAccount:
-  workloadIdentityClientId: ""
-  workloadIdentityTenantId: ""
