From 88a1b53c1e62435bbd2db4a9d0015b2296038424 Mon Sep 17 00:00:00 2001
From: Jeremy Lewi
Date: Fri, 1 May 2020 17:03:24 -0700
Subject: [PATCH] Delete setup scripts for KCC. (#648)
* Setup for KCC to manage community projects has moved to the repo https://github.com/kubeflow/community-infra
* See #647 for more details.
Fix #647
---
config_connector/README.md | 53 -------------------
config_connector/community_cluster_setup.sh | 27 ----------
config_connector/config_connector_setup.sh | 56 ---------------------
config_connector/containercluster.yaml | 18 -------
config_connector/containernodepool.yaml | 25 ---------
config_connector/iampolicy.yaml | 13 -----
config_connector/iamserviceaccount.yaml | 6 ---
config_connector/serviceaccount.yaml | 6 ---
8 files changed, 204 deletions(-)
delete mode 100644 config_connector/README.md
delete mode 100644 config_connector/community_cluster_setup.sh
delete mode 100644 config_connector/config_connector_setup.sh
delete mode 100644 config_connector/containercluster.yaml
delete mode 100644 config_connector/containernodepool.yaml
delete mode 100644 config_connector/iampolicy.yaml
delete mode 100644 config_connector/iamserviceaccount.yaml
delete mode 100644 config_connector/serviceaccount.yaml
diff --git a/config_connector/README.md b/config_connector/README.md
deleted file mode 100644
index ada9a6601a3..00000000000
--- a/config_connector/README.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# Cloud Connector
-
-This directory contains configurations and scripts for using
-[Config Connector](https://cloud.google.com/config-connector/) to declaratively
-setup and manage Kubeflow Kubernetes clusters.
-
-## Background
-
-### Layout
-
-All Config Connector managed projects live in the Google Cloud folder "kf-kcc".
-The Kubernetes cluster with Config Connector lives in the "kf-kcc-admin"
-project. Projects created via Config Connector exist in the "users" subfolder
-under the "kf-kcc-admin" project.
-
-The current Google Cloud project and folder hierarchy is as follows:
-
- - kf-kcc (folder)
- - kf-kcc-admin (project)
- - users (folder)
-
-### Setup
-
-Currently, Config Connector is setup on a Kubernetes cluster named
-"kubeflow-cloudconnector". Future Config Connector-managed clusters should be
-created using the "kubeflow-cloudconnector" cluster against the "kf-kcc-admin"
-namespace.
-
-## Scripts
-
-The following scripts assume the following:
-
-1. The user has permissions and access to the 'kf-kcc-admin' Google Cloud
-project
-2. The user's gcloud config is set to the 'kf-kcc-admin' project
-3. The user's kube config has the 'kf-kcc-admin' credentials and is using the
-'kf-kcc-admin' context
-
-`config_connector_setup.sh` sets up Config Connector using an existing GKE
-cluster. This will set up service accounts, IAM, and secrets in the
-'cnrm-system' namespace. The script requires a project ID as a parameter (in
-this case, 'kf-kcc-admin'). You should also be in the context of the cluster you
-want to install Config Connector on when running this script.
-
-`community_cluster_setup.sh` sets up a GKE cluster for Kubeflow Community
-projects with one master node and one worker node. It uses the namespace
-"kf-kcc-admin", which is the name of the Google Cloud project. This script will
-then apply the following YAML files:
-
-- `containercluster.yaml`
-- `iampolicy.yaml`
-- `iamserviceaccount.yaml`
-- `serviceaccount.yaml`
diff --git a/config_connector/community_cluster_setup.sh b/config_connector/community_cluster_setup.sh
deleted file mode 100644
index a47ed7e4af7..00000000000
--- a/config_connector/community_cluster_setup.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-help()
-{
- echo "Sets up the Kubeflow Community Cluster yaml"
- echo
- echo "Usage: bash community_cluster_setup.sh"
-}
-
-if [[ $1 == "-h" ]] || [[ $1 == "--help" ]]; then
- help
- exit 1
-fi
-
-namespace="kf-kcc-admin"
-
-if [[ ! $(kubectl get ns ${namespace} 2> /dev/null) ]]; then
- echo -e "\e[31mCreating namespace 'kf-kcc-admin'\e[0m"
- kubectl create ns ${namespace}
-fi
-
-echo -e "\e[31mApplying YAML files\e[0m"
-kubectl -n ${namespace} apply -f serviceaccount.yaml
-kubectl -n ${namespace} apply -f iamserviceaccount.yaml
-kubectl -n ${namespace} apply -f iampolicy.yaml
-kubectl -n ${namespace} apply -f containercluster.yaml
-kubectl -n ${namespace} apply -f containernodepool.yaml
diff --git a/config_connector/config_connector_setup.sh b/config_connector/config_connector_setup.sh
deleted file mode 100644
index 0fa23e46ad6..00000000000
--- a/config_connector/config_connector_setup.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/usr/bin/env bash
-
-# Sets up Config Connector -- gcloud must be setup correctly
-# https://cloud.google.com/config-connector/docs/how-to/install-upgrade-uninstall
-
-help()
-{
- echo "Sets up Config Connector using gcloud"
- echo "Requires a project ID as the first parameter"
- echo
- echo "Usage: bash config_connector_setup.sh [project-id]"
-}
-
-if [[ $# -lt 1 ]] || [[ $1 == "-h" ]] || [[ $1 == "--help" ]]; then
- help
- exit 1
-fi
-
-PROJECT_ID="${1}"
-
-echo -e "\e[31mBeginning setup...\e[0m"
-
-if [[ ! $(gcloud iam service-accounts list | grep cnrm-system) ]]; then
- echo -e "\e[31mSetting up service accounts and IAM\e[0m"
- gcloud iam service-accounts create cnrm-system
-
- gcloud projects add-iam-policy-binding ${PROJECT_ID} \
- --member serviceAccount:cnrm-system@${PROJECT_ID}.iam.gserviceaccount.com \
- --role roles/owner
-fi
-
-if [[ ! $(kubectl get ns cnrm-system) ]]; then
- echo -e "\e[31mCreating namespace and secret\e[0m"
- kubectl create namespace cnrm-system
-
- gcloud iam service-accounts keys create --iam-account \
- cnrm-system@${PROJECT_ID}.iam.gserviceaccount.com key.json
-
- kubectl create secret generic gcp-key --from-file key.json \
- --namespace cnrm-system
-
- rm key.json
-fi
-
-echo -e "\e[31mDownloading and installing config connector\e[0m"
-gsutil cp gs://cnrm/latest/release-bundle.tar.gz release-bundle.tar.gz
-
-tar -zxvf release-bundle.tar.gz && rm release-bundle.tar.gz
-
-kubectl apply -f install-bundle-gcp-identity/
-rm -rf install-bundle-*/ samples/
-
-echo -e "\e[31mChecking for cnrm controller manager...\e[0m"
-kubectl wait -n cnrm-system --for=condition=Initialized pod cnrm-controller-manager-0
-
-echo -e "\e[31mSetup finished!\e[0m"
diff --git a/config_connector/containercluster.yaml b/config_connector/containercluster.yaml
deleted file mode 100644
index 16dac98c35e..00000000000
--- a/config_connector/containercluster.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: container.cnrm.cloud.google.com/v1beta1
-kind: ContainerCluster
-metadata:
- annotations:
- cnrm.cloud.google.com/remove-default-node-pool: "false"
- cnrm.cloud.google.com/project-id: "kf-kcc-admin"
- name: kf-community
-spec:
- location: us-west1-a
- initialNodeCount: 1
- loggingService: logging.googleapis.com/kubernetes
- monitoringService: monitoring.googleapis.com/kubernetes
- nodeConfig:
- diskSizeGb: 100
- diskType: pd-standard
- machineType: n1-standard-1
- nodeVersion: 1.15.9-gke.24
- minMasterVersion: 1.15.9-gke.24
diff --git a/config_connector/containernodepool.yaml b/config_connector/containernodepool.yaml
deleted file mode 100644
index c5454d7ad43..00000000000
--- a/config_connector/containernodepool.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: container.cnrm.cloud.google.com/v1beta1
-kind: ContainerNodePool
-metadata:
- annotations:
- cnrm.cloud.google.com/project-id: "kf-kcc-admin"
- name: kf-community
-spec:
- location: us-west1-a
- initialNodeCount: 2
- autoscaling:
- minNodeCount: 1
- maxNodeCount: 3
- nodeConfig:
- diskSizeGb: 100
- diskType: pd-standard
- preemptible: false
- minCpuPlatform: "Intel Haswell"
- oauthScopes:
- - "https://www.googleapis.com/auth/logging.write"
- - "https://www.googleapis.com/auth/monitoring"
- management:
- autoRepair: true
- autoUpgrade: true
- clusterRef:
- name: kf-community
diff --git a/config_connector/iampolicy.yaml b/config_connector/iampolicy.yaml
deleted file mode 100644
index 90f3103e554..00000000000
--- a/config_connector/iampolicy.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: iam.cnrm.cloud.google.com/v1beta1
-kind: IAMPolicy
-metadata:
- name: iampolicy-kf-workloadidentity
-spec:
- resourceRef:
- apiVersion: iam.cnrm.cloud.google.com/v1beta1
- kind: IAMServiceAccount
- name: iampolicy-dep-workloadidentity
- bindings:
- - role: roles/iam.workloadIdentityUser
- members:
- - serviceAccount:kf-kcc-admin.svc.id.goog[default/iampolicy-dep-workloadidentity]
diff --git a/config_connector/iamserviceaccount.yaml b/config_connector/iamserviceaccount.yaml
deleted file mode 100644
index 1d6bcc9095f..00000000000
--- a/config_connector/iamserviceaccount.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: iam.cnrm.cloud.google.com/v1beta1
-kind: IAMServiceAccount
-metadata:
- name: iampolicy-dep-workloadidentity
-spec:
- displayName: kf-community-iamsa
diff --git a/config_connector/serviceaccount.yaml b/config_connector/serviceaccount.yaml
deleted file mode 100644
index db54d0b7664..00000000000
--- a/config_connector/serviceaccount.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: iampolicy-dep-workloadidentity
- annotations:
- iam.gke.io/gcp-service-account: iampolicy-dep-workloadidentity@kubeflow-cloudconnector.iam.gserviceaccount.com