Bye linkerd (aka. unlinked) (#604)

* Remove legacy and linkerd code

* Remove some dead code and fix some deprecations

* upkeep: Maps har egen copy-funksjon

---------

Co-authored-by: Kyrre Havik <[email protected]>

Author: thokra-nav

charts/naiserator/Feature.yaml

@@ -5,7 +5,6 @@ dependencies:
 environmentKinds:
   - tenant
   - onprem
-  - legacy
 values:
   imageTag:
     displayName: Image tag
@@ -53,10 +52,6 @@ values:
     displayName: Enable Azure AD for applications
     config:
       type: bool
-  naiserator.features.linkerd:
-    displayName: Enable Linkerd annotations
-    config:
-      type: bool
   naiserator.doc-url:
     computed:
       template: |
@@ -93,13 +88,6 @@ values:
     displayName: Enable Kafka for applications
     computed:
       template: '{{ne .Env.aiven_project ""}}'
-  naiserator.features.legacy-gcp:
-    description: Configure Naiserator to work with legacy GCP clusters (override mapping for migration)
-    displayName: Enable legacy GCP mode
-    computed:
-      template: '{{eq .Kind "legacy"}}'
-    config:
-      type: bool
   naiserator.features.nav-ca-bundle:
     displayName: Enable NAV CA bundle
     config:
@@ -215,34 +203,29 @@ values:
       type: string
     ignoreKind:
       - tenant
-      - legacy
   naiserator.proxy.exclude:
     config:
       type: string
     ignoreKind:
       - tenant
-      - legacy
   naiserator.vault.address:
     required: true
     config:
       type: string
     ignoreKind:
       - tenant
-      - legacy
   naiserator.vault.auth-path:
     required: true
     config:
       type: string
     ignoreKind:
       - tenant
-      - legacy
   naiserator.vault.kv-path:
     required: true
     config:
       type: string
     ignoreKind:
       - tenant
-      - legacy
   naiserator.image-pull-secrets:
     description: List of image pull secrets to use for pulling images
     config:

charts/naiserator/values.yaml

@@ -37,8 +37,6 @@ naiserator:
     influx-credentials: false
     jwker: false
     kafkarator: false
-    legacy-gcp: false
-    linkerd: false
     maskinporten: false
     nav-ca-bundle: false
     network-policy: true

hack/tilt-naiserator-config.yaml

@@ -14,8 +14,6 @@ features:
   influx-credentials: false
   jwker: false
   kafkarator: false
-  legacy-gcp: false
-  linkerd: false
   maskinporten: false
   nav-ca-bundle: false
   network-policy: false

pkg/generators/application.go

@@ -102,11 +102,6 @@ func (g *Application) Prepare(ctx context.Context, source resource.Source, kube
 		return nil, err
 	}
 
-	// Create Linkerd resources only if feature is enabled and namespace is Linkerd-enabled
-	if g.Config.Features.Linkerd && namespace.Annotations["linkerd.io/inject"] == "enabled" {
-		o.Linkerd = true
-	}
-
 	o.Team = app.GetNamespace()
 
 	return o, nil

pkg/generators/config.go

@@ -17,7 +17,6 @@ type Options struct {
 	GoogleProjectID     string
 	GoogleTeamProjectID string
 	Image               string
-	Linkerd             bool
 	NumReplicas         int32
 	Team                string
 	SqlInstance         SqlInstance
@@ -35,11 +34,6 @@ func (o *Options) SqlInstanceHasPrivateIpInSharedVpc() bool {
 	return o.SqlInstance.hasPrivateIpInSharedVpc
 }
 
-func (o *Options) IsLinkerdEnabled() bool {
-	// not o.Config.Features - this flag is detected in Prepare()
-	return o.Linkerd
-}
-
 func (o *Options) GetAPIServerIP() string {
 	return o.Config.ApiServerIp
 }
@@ -60,10 +54,6 @@ func (o *Options) IsNetworkPolicyEnabled() bool {
 	return o.Config.Features.NetworkPolicy
 }
 
-func (o *Options) IsLegacyGCP() bool {
-	return o.Config.Features.LegacyGCP
-}
-
 func (o *Options) IsCNRMEnabled() bool {
 	return o.Config.Features.CNRM
 }

pkg/generators/naisjob.go

@@ -75,11 +75,6 @@ func (g *Naisjob) Prepare(ctx context.Context, source resource.Source, kube clie
 		return nil, err
 	}
 
-	// Create Linkerd resources only if feature is enabled and namespace is Linkerd-enabled
-	if g.Config.Features.Linkerd && namespace.Annotations["linkerd.io/inject"] == "enabled" {
-		o.Linkerd = true
-	}
-
 	o.Team = job.GetNamespace()
 
 	return o, nil

pkg/naiserator/config/config.go

@@ -58,8 +58,6 @@ type Features struct {
 	InfluxCredentials           bool     `json:"influx-credentials"`
 	Jwker                       bool     `json:"jwker"`
 	Kafkarator                  bool     `json:"kafkarator"`
-	LegacyGCP                   bool     `json:"legacy-gcp"`
-	Linkerd                     bool     `json:"linkerd"`
 	Maskinporten                bool     `json:"maskinporten"`
 	NAVCABundle                 bool     `json:"nav-ca-bundle"`
 	NetworkPolicy               bool     `json:"network-policy"`
@@ -206,15 +204,13 @@ const (
 	FeaturesJwker                                 = "features.jwker"
 	FeaturesCNRM                                  = "features.cnrm"
 	FeaturesKafkarator                            = "features.kafkarator"
-	FeaturesLinkerd                               = "features.linkerd"
 	FeaturesMaskinporten                          = "features.maskinporten"
 	FeaturesNetworkPolicy                         = "features.network-policy"
 	FeaturesPrometheusOperator                    = "features.prometheus-operator"
 	FeaturesTexas                                 = "features.texas"
 	FeaturesVault                                 = "features.vault"
 	FeaturesWebhook                               = "features.webhook"
 	FeaturesWonderwall                            = "features.wonderwall"
-	FeaturesLegacyGCP                             = "features.legacy-gcp"
 	FQDNPolicyEnabled                             = "fqdn-policy.enabled"
 	GoogleCloudSQLProxyContainerImage             = "google-cloud-sql-proxy-container-image"
 	GoogleProjectId                               = "google-project-id"
@@ -295,7 +291,6 @@ func init() {
 	flag.String(GoogleCloudSQLProxyContainerImage, "", "Docker image of Cloud SQL Proxy container")
 	flag.String(ApiServerIp, "", "IP to master in GCP, e.g. 172.16.0.2/32 for GCP")
 	flag.String(NaisNamespace, "nais-system", "namespace where nais resources are deployed")
-	flag.Bool(FeaturesLinkerd, false, "enable creation of Linkerd-specific resources")
 	flag.StringSlice(
 		FeaturesAccessPolicyNotAllowedCIDRs, []string{""},
 		"CIDRs that should not be included within the allowed IP Block rule for network policy",
@@ -311,7 +306,6 @@ func init() {
 	flag.Bool(FeaturesMaskinporten, false, "enable creation of Maskinporten client resources and secret injection")
 	flag.Bool(FeaturesWebhook, false, "enable admission webhook server")
 	flag.Bool(FeaturesPrometheusOperator, false, "enable Prometheus Operator")
-	flag.Bool(FeaturesLegacyGCP, false, "enable legacy GCP resources")
 	flag.Bool(FeaturesWonderwall, false, "enable Wonderwall sidecar")
 	flag.Bool(FeaturesTexas, false, "enable token exchange as a sidecar/service")
 	flag.Bool(FQDNPolicyEnabled, false, "enable FQDN policies")

pkg/resourcecreator/azure/azureadapplication.go

@@ -10,7 +10,7 @@ import (
 	"github.com/nais/liberator/pkg/namegen"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 
 	"github.com/nais/naiserator/pkg/resourcecreator/accesspolicy"
 	"github.com/nais/naiserator/pkg/resourcecreator/pod"
@@ -124,7 +124,7 @@ func sidecar(source Source, ast *resource.Ast, config Config, azureApp *nais_io_
 	azureApp.Spec.LogoutUrl = util.AppendPathToIngress(ingresses[0], wonderwall.FrontChannelLogoutPath)
 
 	// ensure that singlePageApplication is _disabled_ if sidecar is enabled
-	azureApp.Spec.SinglePageApplication = pointer.Bool(false)
+	azureApp.Spec.SinglePageApplication = ptr.To(false)
 
 	s := source.GetAzure().GetSidecar()
 	return wonderwall.Create(source, ast, config, wonderwall.Configuration{

pkg/resourcecreator/google/bigquery/bigquery.go

@@ -13,7 +13,7 @@ import (
 	"github.com/nais/naiserator/pkg/util"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 )
 
 type Source interface {
@@ -67,7 +67,7 @@ func iAMPolicyMember(source resource.Source, bigqueryDataset *google_nais_io_v1.
 			Role:   "roles/bigquery.jobUser",
 			ResourceRef: google_iam_crd.ResourceRef{
 				Kind: "Project",
-				Name: pointer.StringPtr(""),
+				Name: ptr.To(""),
 			},
 		},
 	}
@@ -114,4 +114,4 @@ func createDataset(source resource.Source, bigQuerySpec nais_io_v1.CloudBigQuery
 			},
 		},
 	}, nil
-}
+}

pkg/resourcecreator/google/sql/user.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"strings"
 
-	nais "github.com/nais/liberator/pkg/apis/nais.io/v1"
 	nais_io_v1 "github.com/nais/liberator/pkg/apis/nais.io/v1"
 	googlesqlcrd "github.com/nais/liberator/pkg/apis/sql.cnrm.cloud.google.com/v1beta1"
 	"github.com/nais/liberator/pkg/namegen"
@@ -34,7 +33,7 @@ const (
 type GoogleSqlUser struct {
 	Username string
 	AppName  string
-	DB       *nais.CloudSqlDatabase
+	DB       *nais_io_v1.CloudSqlDatabase
 	Instance *googlesqlcrd.SQLInstance
 }
 
@@ -103,17 +102,6 @@ func (in GoogleSqlUser) createSqlUserDBResources(objectMeta metav1.ObjectMeta, a
 	ast.AppendOperation(resource.OperationCreateIfNotExists, googleSqlUser)
 }
 
-func (in GoogleSqlUser) filterDefaultUserKey(key string, suffix string) string {
-	if in.prefixIsSet() && in.isDefault() {
-		prefix := in.googleSqlUserPrefix()
-		noPrefixSubstring := strings.TrimPrefix(key, prefix)
-		if noPrefixSubstring == suffix {
-			return key
-		}
-	}
-	return ""
-}
-
 func (in GoogleSqlUser) sqlUserEnvPrefix() string {
 	if in.prefixIsSet() {
 		return strings.TrimSuffix(in.DB.EnvVarPrefix, "_")

pkg/resourcecreator/ingress/ingress.go

@@ -30,7 +30,6 @@ type Source interface {
 
 type Config interface {
 	GetGatewayMappings() []config.GatewayMapping
-	IsLinkerdEnabled() bool
 	GetDocUrl() string
 	GetClusterName() string
 }

pkg/resourcecreator/ingress/ingress_test.go

@@ -23,7 +23,6 @@ func TestIngress(t *testing.T) {
 			assert.NoError(t, err)
 
 			opts := &generators.Options{}
-			opts.Config.Features.Linkerd = false
 			err = ingress.Create(app, ast, opts)
 
 			assert.NotNil(t, err)
@@ -40,7 +39,6 @@ func TestIngress(t *testing.T) {
 			assert.NoError(t, err)
 
 			opts := &generators.Options{}
-			opts.Linkerd = true
 			opts.Config.GatewayMappings = []config.GatewayMapping{
 				{
 					DomainSuffix: ".bar",

pkg/resourcecreator/networkpolicy/networkpolicy.go

@@ -29,7 +29,6 @@ type Config interface {
 	GetGoogleProjectID() string
 	GetNaisNamespace() string
 	IsNetworkPolicyEnabled() bool
-	IsLegacyGCP() bool
 }
 
 func baseNetworkPolicy(source Source) *networkingv1.NetworkPolicy {
@@ -47,13 +46,6 @@ func Create(source Source, ast *resource.Ast, cfg Config) {
 		return
 	}
 
-	if cfg.IsLegacyGCP() {
-		np := baseNetworkPolicy(source)
-		np.Spec = legacyNetpolSpec(source.GetName(), cfg.GetClusterName())
-		np.SetName(source.GetName() + "-legacy")
-		ast.AppendOperation(resource.OperationCreateOrUpdate, np)
-	}
-
 	np := baseNetworkPolicy(source)
 	np.Spec = netpolSpec(source.GetName(), cfg, source.GetAccessPolicy(), source.GetIngress(), source.GetLeaderElection())
 	ast.AppendOperation(resource.OperationCreateOrUpdate, np)
@@ -225,32 +217,6 @@ func defaultIngressRules(cfg Config) []networkingv1.NetworkPolicyIngressRule {
 	}
 }
 
-func legacyNetpolSpec(appName string, clusterName string) networkingv1.NetworkPolicySpec {
-	return networkingv1.NetworkPolicySpec{
-		PodSelector: *labelSelector("app", appName),
-		PolicyTypes: []networkingv1.PolicyType{
-			networkingv1.PolicyTypeIngress,
-			networkingv1.PolicyTypeEgress,
-		},
-		Ingress: []networkingv1.NetworkPolicyIngressRule{
-			{
-				From: []networkingv1.NetworkPolicyPeer{
-					{
-						NamespaceSelector: labelSelector("linkerd.io/is-control-plane", "true"),
-					},
-				},
-			},
-		},
-		Egress: []networkingv1.NetworkPolicyEgressRule{
-			{
-				To: []networkingv1.NetworkPolicyPeer{{
-					NamespaceSelector: labelSelector("linkerd.io/is-control-plane", "true"),
-				}},
-			},
-		},
-	}
-}
-
 func ingressRulesFromAccessPolicy(policy *nais_io_v1.AccessPolicy, options Config) []networkingv1.NetworkPolicyIngressRule {
 	if policy == nil || policy.Inbound == nil || len(policy.Inbound.Rules) == 0 {
 		return nil