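# ServiceAccount for the OpenTelemetry collector sidecar.
# Nesting restored: without indentation, name/namespace/annotations parse as
# top-level keys instead of children of metadata.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: otelcol-sidecar-sa
  # NOTE(review): the scripts on this page use the namespaces grafana-stack and
  # injection-payload. A pod can only run as a ServiceAccount from its own
  # namespace, so confirm that "injector" is where the sidecar pods live.
  namespace: injector
  annotations:
    # GKE Workload Identity: pods running as this ServiceAccount act as the
    # GCP service account named here. The mapping only takes effect when that
    # GCP account grants roles/iam.workloadIdentityUser to this exact
    # namespace/name pair; keep its GCP-side roles as narrow as the sidecar
    # needs, because every pod using this ServiceAccount inherits them.
    iam.gke.io/gcp-service-account: "tempo-gcs-access@observability-436022.iam.gserviceaccount.com"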
---
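# Cluster-wide, read-only access to Namespace objects (get/list/watch only).
# Nesting restored: the three rule fields belong to a single list item.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # ClusterRoles are cluster-scoped and this name is generic. The cleanup
  # script on this page deletes the role by name, so confirm nothing else in
  # the cluster owns a ClusterRole called namespace-reader.
  name: namespace-reader
rules:
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list", "watch"]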
---
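# Binds the namespace-reader ClusterRole to the sidecar ServiceAccount, so the
# read access applies to every namespace in the cluster.
# Nesting restored: subject fields form one list item; roleRef is a mapping.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: otelcol-sidecar-namespace-reader
subjects:
  # Must match the ServiceAccount's name and namespace exactly; a mismatch
  # produces a binding that silently grants nothing.
  - kind: ServiceAccount
    name: otelcol-sidecar-sa
    namespace: injector
# roleRef cannot be edited after creation; changing the referenced role means
# deleting and recreating the binding.
roleRef:
  kind: ClusterRole
  name: namespace-reader
  apiGroup: rbac.authorization.k8s.io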
{
"apiVersion": "admission.k8s.io/v1",
"kind": "AdmissionReview",
"request": {
"uid": "12345",
"kind": {
"group": "",
"version": "v1",
"kind": "Pod"
},
"resource": {
"group": "",
"version": "v1",
"resource": "pods"
},
"namespace": "injection-payload",
"object": {
"metadata": {
"name": "test-pod",
"labels": {
"otelcol-injection": "enabled"
}
},
"spec": {
"containers": [
{
"name": "test-container",
"image": "nginx"
}
]
}
}
}
}
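#!/bin/bash
# Tear down the resources created for the otelcol sidecar-injection webhook.
# Line structure restored: in the collapsed form the whole if/else/fi on the
# deployment.yaml step was swallowed as arguments to a single echo, leaving
# the `if` unterminated.
set -e

# Set variables
NAMESPACE="grafana-stack"
DEST_NAMESPACE="injection-payload"
SERVICE="otelcol-injector"
# NOTE(review): SECRET is never deleted below. If it is not part of
# deployment.yaml, the webhook's key material outlives this cleanup - confirm.
SECRET="otelcol-injector-secret"
WEBHOOK_NAME="otelcol-injection-webhook"
CSR_NAME="${SERVICE}.${NAMESPACE}"
# TMP_DIR is not set anywhere in this script; when it is unset this expands
# to "/certs". CERT_DIR is not used below.
CERT_DIR="${TMP_DIR}/certs"
CONFIGMAP_NAME="otelcol-config"
SERVICE_ACCOUNT="pft-uk-grafana-gke-sa"

# Every kubectl call below is sent through this local plain-HTTP proxy.
# Presumably a tunnel to the cluster API - confirm a trusted process owns the
# port before running.
export HTTPS_PROXY=http://localhost:8888

# Delete a resource if it exists.
#   $1 resource type, $2 resource name, $3 optional extra kubectl arguments
# Only a NotFound answer counts as "absent". Any other lookup failure
# (proxy down, expired credentials, RBAC denial) is reported and returns
# non-zero, so the script cannot print "Cleanup completed." without having
# reached the cluster.
delete_if_exists() {
    local resource_type=$1
    local resource_name=$2
    local extra_args=${3:-}
    # Declared separately so the `if` sees kubectl's exit status, not local's.
    local get_err

    # $extra_args stays unquoted on purpose: it may hold several words or be empty.
    if get_err=$(kubectl get "$resource_type" "$resource_name" $extra_args 2>&1 >/dev/null); then
        echo "Deleting $resource_type $resource_name"
        kubectl delete "$resource_type" "$resource_name" $extra_args
    elif [[ $get_err == *NotFound* ]]; then
        echo "$resource_type $resource_name not found, skipping deletion"
    else
        echo "Could not query $resource_type $resource_name: $get_err" >&2
        return 1
    fi
}

# Remove the webhook registration first. If the backend were removed while the
# MutatingWebhookConfiguration still existed, matching pod creations would be
# rejected or admitted without the sidecar, depending on its failurePolicy
# (not shown on this page).
delete_if_exists MutatingWebhookConfiguration "${WEBHOOK_NAME}"

# Cleanup approved csr
delete_if_exists CertificateSigningRequest "${CSR_NAME}"

# Delete deployment (best effort: a partial failure is reported, not fatal)
if [ -f deployment.yaml ]; then
    echo "Deleting resources defined in deployment.yaml"
    kubectl delete -f deployment.yaml || echo "Failed to delete some resources from deployment.yaml"
else
    echo "deployment.yaml not found, skipping"
fi

# Delete namespace
delete_if_exists namespace "${DEST_NAMESPACE}"

# Delete ClusterRoleBinding before the ClusterRole it references
delete_if_exists ClusterRoleBinding otelcol-sidecar-namespace-reader
delete_if_exists ClusterRole namespace-reader

echo "Cleanup completed."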
#!/bin/bash
# Cleanup for the otelcol sidecar-injection webhook: shared settings.
set -e

# Namespaces: where the injector runs, and where injected workloads live.
NAMESPACE='grafana-stack'
DEST_NAMESPACE='injection-payload'

# Names of the injector's own objects.
SERVICE='otelcol-injector'
# NOTE(review): SECRET, CONFIGMAP_NAME, SERVICE_ACCOUNT and CERT_DIR are not
# referenced by the cleanup steps on this page. If SECRET is not part of
# deployment.yaml, the webhook's key material outlives the cleanup - confirm.
SECRET='otelcol-injector-secret'
WEBHOOK_NAME='otelcol-injection-webhook'
CSR_NAME="$SERVICE.$NAMESPACE"
# TMP_DIR is not set anywhere in this script; when it is unset this expands
# to "/certs".
CERT_DIR="$TMP_DIR/certs"
CONFIGMAP_NAME='otelcol-config'
SERVICE_ACCOUNT='pft-uk-grafana-gke-sa'

# Every kubectl call in this script is sent through this local plain-HTTP
# proxy. Presumably a tunnel to the cluster API - confirm a trusted process
# owns the port before running.
export HTTPS_PROXY='http://localhost:8888'
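# Delete a resource if it exists.
#   $1 resource type, $2 resource name, $3 optional extra kubectl arguments
# Only a NotFound answer counts as "absent". Any other lookup failure
# (proxy down, expired credentials, RBAC denial) is reported on stderr and
# returns non-zero, so a cleanup run that never reached the cluster is not
# logged as "not found, skipping deletion".
delete_if_exists() {
    local resource_type=$1
    local resource_name=$2
    local extra_args=${3:-}
    # Declared separately so the `if` sees kubectl's exit status, not local's.
    local get_err

    # $extra_args stays unquoted on purpose: it may hold several words or be empty.
    if get_err=$(kubectl get "$resource_type" "$resource_name" $extra_args 2>&1 >/dev/null); then
        echo "Deleting $resource_type $resource_name"
        kubectl delete "$resource_type" "$resource_name" $extra_args
    elif [[ $get_err == *NotFound* ]]; then
        echo "$resource_type $resource_name not found, skipping deletion"
    else
        echo "Could not query $resource_type $resource_name: $get_err" >&2
        return 1
    fi
}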
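# Remove the webhook registration first. If the backend were removed while the
# MutatingWebhookConfiguration still existed, matching pod creations would be
# rejected or admitted without the sidecar, depending on its failurePolicy
# (not shown on this page).
delete_if_exists MutatingWebhookConfiguration "${WEBHOOK_NAME}"

# Cleanup approved csr
delete_if_exists CertificateSigningRequest "${CSR_NAME}"

# Delete deployment (best effort: a partial failure is reported, not fatal)
if [ -f deployment.yaml ]; then
    echo "Deleting resources defined in deployment.yaml"
    kubectl delete -f deployment.yaml || echo "Failed to delete some resources from deployment.yaml"
else
    echo "deployment.yaml not found, skipping"
fi

# Delete namespace
delete_if_exists namespace "${DEST_NAMESPACE}"

# Delete ClusterRoleBinding before the ClusterRole it references.
# Both names are literals here; ClusterRoles are cluster-scoped, so confirm
# that namespace-reader is not shared with another installation.
delete_if_exists ClusterRoleBinding otelcol-sidecar-namespace-reader
delete_if_exists ClusterRole namespace-reader

echo "Cleanup completed."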