Disable custom user docker registry configuration that bypasses serve…

…rless CR spec (#868)

components/operator/internal/registry/secret.go

@@ -5,75 +5,18 @@ import (
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/selection"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 const (
 	ServerlessRegistryDefaultSecretName              = "serverless-registry-config-default"
-	ServerlessExternalRegistrySecretName             = "serverless-registry-config"
-	ServerlessExternalRegistryLabelRemoteRegistryKey = "serverless.kyma-project.io/remote-registry"
-	ServerlessExternalRegistryLabelRemoteRegistryVal = "config"
 	ServerlessExternalRegistryLabelConfigKey         = "serverless.kyma-project.io/config"
 	ServerlessExternalRegistryLabelConfigVal         = "credentials"
 	ServerlessRegistryIsInternalKey                  = "isInternal"
 	ServerlessDockerRegistryDeploymentName           = "serverless-docker-registry"
 	RegistryHTTPEnvKey                               = "REGISTRY_HTTP_SECRET"
 )
 
-func ListExternalNamespacedScopeSecrets(ctx context.Context, c client.Client) ([]corev1.Secret, error) {
-
-	// has config label
-	remoteRegistryLabelRequirement, _ := labels.NewRequirement(ServerlessExternalRegistryLabelRemoteRegistryKey, selection.Equals, []string{
-		ServerlessExternalRegistryLabelRemoteRegistryVal,
-	})
-
-	// has not credentials label
-	configLabelRequirement, _ := labels.NewRequirement(ServerlessExternalRegistryLabelConfigKey, selection.DoesNotExist, []string{})
-
-	labeledSecrets := corev1.SecretList{}
-	err := c.List(ctx, &labeledSecrets, &client.ListOptions{
-		LabelSelector: labels.NewSelector().Add(
-			*remoteRegistryLabelRequirement,
-			*configLabelRequirement,
-		),
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	secrets := []corev1.Secret{}
-	for _, secret := range labeledSecrets.Items {
-		if secret.Name == ServerlessExternalRegistrySecretName {
-			secrets = append(secrets, secret)
-		}
-	}
-
-	return secrets, err
-}
-
-func GetExternalClusterWideRegistrySecret(ctx context.Context, c client.Client, namespace string) (*corev1.Secret, error) {
-	secret := corev1.Secret{}
-	key := client.ObjectKey{
-		Namespace: namespace,
-		Name:      ServerlessExternalRegistrySecretName,
-	}
-	err := c.Get(ctx, key, &secret)
-	if err != nil {
-		return nil, client.IgnoreNotFound(err)
-	}
-
-	if val, ok := secret.GetLabels()[ServerlessExternalRegistryLabelRemoteRegistryKey]; !ok || val != ServerlessExternalRegistryLabelRemoteRegistryVal {
-		return nil, nil
-	}
-	if val, ok := secret.GetLabels()[ServerlessExternalRegistryLabelConfigKey]; !ok || val != ServerlessExternalRegistryLabelConfigVal {
-		return nil, nil
-	}
-
-	return &secret, nil
-}
-
 func GetServerlessInternalRegistrySecret(ctx context.Context, c client.Client, namespace string) (*corev1.Secret, error) {
 	secret := corev1.Secret{}
 	key := client.ObjectKey{

components/operator/internal/state/registry.go

@@ -2,7 +2,6 @@ package state
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/kyma-project/serverless/components/operator/api/v1alpha1"
 	"github.com/kyma-project/serverless/components/operator/internal/registry"
@@ -37,21 +36,8 @@ func sFnRegistryConfiguration(ctx context.Context, r *reconciler, s *systemState
 }
 
 func configureRegistry(ctx context.Context, r *reconciler, s *systemState) error {
-	extRegSecretClusterWide, err := registry.GetExternalClusterWideRegistrySecret(ctx, r.client, s.instance.GetNamespace())
-	if err != nil {
-		return err
-	}
-
-	extRegSecretNamespacedScope, err := registry.ListExternalNamespacedScopeSecrets(ctx, r.client)
-	if err != nil {
-		return err
-	}
 
 	switch {
-	case extRegSecretClusterWide != nil:
-		// case: use runtime secret (with labels)
-		// doc: https://kyma-project.io/docs/kyma/latest/05-technical-reference/svls-03-switching-registries#cluster-wide-external-registry
-		setRuntimeRegistryConfig(extRegSecretClusterWide, s)
 	case isRegistrySecretName(s.instance.Spec.DockerRegistry):
 		// case: use secret from secretName field
 		err := setExternalRegistryConfig(ctx, r, s)
@@ -68,38 +54,18 @@ func configureRegistry(ctx context.Context, r *reconciler, s *systemState) error
 		// case: use k3d registry
 		setK3dRegistryConfig(s)
 	}
-
-	addRegistryConfigurationWarnings(extRegSecretClusterWide, extRegSecretNamespacedScope, s)
+	addRegistryConfigurationWarnings(s)
 	return nil
 }
 
-func addRegistryConfigurationWarnings(extRegSecretClusterWide *corev1.Secret, extRegSecretsNamespacedScope []corev1.Secret, s *systemState) {
-	// runtime secrets (namespaced scope) exist
-	for _, secret := range extRegSecretsNamespacedScope {
-		s.warningBuilder.With(fmt.Sprintf(extNamespacedScopeSecretsDetectedFormat, secret.Namespace, secret.Namespace, secret.Name, secret.Name))
-	}
-
-	// runtime secret (cluster wide) exist and it's other than this under secretName
-	if extRegSecretClusterWide != nil && isRegistrySecretName(s.instance.Spec.DockerRegistry) &&
-		extRegSecretClusterWide.Name != *s.instance.Spec.DockerRegistry.SecretName {
-		s.warningBuilder.With(fmt.Sprintf(extRegSecDiffThanSpecFormat, extRegSecretClusterWide.Namespace, extRegSecretClusterWide.Name, extRegSecretClusterWide.Name))
-	}
-
-	// runtime secret exist and secretName field is empty
-	if extRegSecretClusterWide != nil && !isRegistrySecretName(s.instance.Spec.DockerRegistry) {
-		s.warningBuilder.With(fmt.Sprintf(extRegSecNotInSpecFormat, extRegSecretClusterWide.Namespace, extRegSecretClusterWide.Name, extRegSecretClusterWide.Name))
-	}
+func addRegistryConfigurationWarnings(s *systemState) {
 
 	// enableInternal is true and secretName is used
 	if getEnableInternal(s.instance.Spec.DockerRegistry) && isRegistrySecretName(s.instance.Spec.DockerRegistry) {
 		s.warningBuilder.With(internalEnabledAndSecretNameUsedMessage)
 	}
 }
 
-func setRuntimeRegistryConfig(secret *corev1.Secret, s *systemState) {
-	s.instance.Status.DockerRegistry = string(secret.Data["serverAddress"])
-}
-
 func setInternalRegistryConfig(ctx context.Context, r *reconciler, s *systemState) error {
 	s.instance.Status.DockerRegistry = "internal"
 	s.flagsBuilder.WithRegistryEnableInternal(