ROX-32760: Remove the addon reconciliation logic

.agents/config-expert-river.md

@@ -299,7 +299,6 @@ River has expertise in identifying unused configuration fields, optimizing confi
 **3. Client Library Configurations:**
 - `pkg/client/iam/IAMConfig` - Identity and access management configuration
 - `pkg/client/ocm/impl/OCMConfig` - OpenShift Cluster Manager client configuration
-- `pkg/client/ocm/impl/AddonConfig` - OCM addon configuration
 - `pkg/client/telemetry/TelemetryConfigImpl` - Telemetry and phone-home configuration
 
 **4. Server Infrastructure Configurations:**
@@ -320,7 +319,6 @@ River has expertise in identifying unused configuration fields, optimizing confi
 - `TenantResourceConfig` - Tenant resource allocation and overrides
 - `AuthProviderConfig` - Additional auth provider configurations for centrals
 - `DataPlaneClusterConfig` - GitOps data plane cluster definitions
-- `AddonConfig` - Addon installation configuration
 
 **7. Sub-configurations and Nested Structs:**
 - `ManagedDB` (fleetshard) - Managed database configuration for RDS

.pre-commit-config.yaml

@@ -8,7 +8,7 @@ repos:
       require_serial: true
       pass_filenames: true
       stages: [pre-push, manual]
-      files: '(openapi/.*|pkg/workers/worker_interface.go|pkg/client/ocm/id.go|pkg/client/aws/client.go|pkg/client/ocm/client.go|pkg/client/iam/client.go|pkg/services/authorization/authorization.go|pkg/services/sso/iam_service.go|pkg/client/redhatsso/client.go|pkg/auth/auth_agent_service.go|internal/central/pkg/services/cluster_placement_strategy.go|internal/central/pkg/services/cloud_providers.go|internal/central/pkg/services/clusters.go|internal/central/pkg/services/quota.go|internal/central/pkg/services/fleetshard_operator_addon.go|internal/central/pkg/services/quota_service_factory.go|internal/central/pkg/clusters/cluster_builder.go|internal/central/pkg/clusters/provider.go|internal/central/pkg/services/central.go)'
+      files: '(openapi/.*|pkg/workers/worker_interface.go|pkg/client/ocm/id.go|pkg/client/aws/client.go|pkg/client/ocm/client.go|pkg/client/iam/client.go|pkg/services/authorization/authorization.go|pkg/services/sso/iam_service.go|pkg/client/redhatsso/client.go|pkg/auth/auth_agent_service.go|internal/central/pkg/services/cluster_placement_strategy.go|internal/central/pkg/services/cloud_providers.go|internal/central/pkg/services/clusters.go|internal/central/pkg/services/quota.go|internal/central/pkg/services/quota_service_factory.go|internal/central/pkg/clusters/cluster_builder.go|internal/central/pkg/clusters/provider.go|internal/central/pkg/services/central.go)'
   - repo: https://github.com/Yelp/detect-secrets
     rev: v1.5.0
     hooks:

.secrets.baseline

@@ -278,7 +278,7 @@
         "filename": "pkg/client/fleetmanager/mocks/client_moq.go",
         "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
         "is_verified": false,
-        "line_number": 760
+        "line_number": 704
       }
     ],
     "pkg/client/redhatsso/api/api/openapi.yaml": [
@@ -296,63 +296,63 @@
         "filename": "templates/service-template.yml",
         "hashed_secret": "13032f402fed753c2248419ea4f69f99931f6dbc",
         "is_verified": false,
-        "line_number": 450
+        "line_number": 442
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "30025f80f6e22cdafb85db387d50f90ea884576a",
         "is_verified": false,
-        "line_number": 450
+        "line_number": 442
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "355f24fd038bcaf85617abdcaa64af51ed19bbcf",
         "is_verified": false,
-        "line_number": 450
+        "line_number": 442
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "3d8a1dcd2c3c765ce35c9a9552d23273cc4ddace",
         "is_verified": false,
-        "line_number": 450
+        "line_number": 442
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "4ac7b0522761eba972467942cd5cd7499dd2c361",
         "is_verified": false,
-        "line_number": 450
+        "line_number": 442
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "7639ab2a6bcf2ea30a055a99468c9cd844d4c22a",
         "is_verified": false,
-        "line_number": 450
+        "line_number": 442
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "b56360daf4793d2a74991a972b34d95bc00fb2da",
         "is_verified": false,
-        "line_number": 450
+        "line_number": 442
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "c9a73ef9ee8ce9f38437227801c70bcc6740d1a1",
         "is_verified": false,
-        "line_number": 450
+        "line_number": 442
       },
       {
         "type": "Secret Keyword",
         "filename": "templates/service-template.yml",
         "hashed_secret": "4e199b4a1c40b497a95fcd1cd896351733849949",
         "is_verified": false,
-        "line_number": 633,
+        "line_number": 625,
         "is_secret": false
       }
     ],
@@ -382,5 +382,5 @@
       }
     ]
   },
-  "generated_at": "2026-01-23T11:01:34Z"
+  "generated_at": "2026-01-26T16:35:51Z"
 }

Makefile

@@ -598,9 +598,6 @@ secrets/touch:
           secrets/ocm-service.clientId \
           secrets/ocm-service.clientSecret \
           secrets/ocm-service.token \
-          secrets/ocm-addon-service.clientId \
-          secrets/ocm-addon-service.clientSecret \
-          secrets/ocm-addon-service.token \
           secrets/rhsso-logs.clientId \
           secrets/rhsso-logs.clientSecret \
           secrets/rhsso-metrics.clientId \
@@ -632,11 +629,8 @@ centralidp/setup:
 ocm/setup: OCM_OFFLINE_TOKEN ?= "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" # pragma: allowlist secret
 ocm/setup:
 	@echo -n "$(OCM_OFFLINE_TOKEN)" > secrets/ocm-service.token
-	@echo -n "$(OCM_OFFLINE_TOKEN)" > secrets/ocm-addon-service.token
 	@echo -n "" > secrets/ocm-service.clientId
 	@echo -n "" > secrets/ocm-service.clientSecret
-	@echo -n "" > secrets/ocm-addon-service.clientId
-	@echo -n "" > secrets/ocm-addon-service.clientSecret
 .PHONY: ocm/setup
 
 # create project where the service will be deployed in an OpenShift cluster
@@ -657,9 +651,6 @@ deploy/secrets:
 		-p OCM_SERVICE_CLIENT_ID="$(shell ([ -s './secrets/ocm-service.clientId' ] && [ -z '${OCM_SERVICE_CLIENT_ID}' ]) && cat ./secrets/ocm-service.clientId || echo '${OCM_SERVICE_CLIENT_ID}')" \
 		-p OCM_SERVICE_CLIENT_SECRET="$(shell ([ -s './secrets/ocm-service.clientSecret' ] && [ -z '${OCM_SERVICE_CLIENT_SECRET}' ]) && cat ./secrets/ocm-service.clientSecret || echo '${OCM_SERVICE_CLIENT_SECRET}')" \
 		-p OCM_SERVICE_TOKEN="$(shell ([ -s './secrets/ocm-service.token' ] && [ -z '${OCM_SERVICE_TOKEN}' ]) && cat ./secrets/ocm-service.token || echo '${OCM_SERVICE_TOKEN}')" \
-		-p OCM_ADDON_SERVICE_CLIENT_ID="$(shell ([ -s './secrets/ocm-addon-service.clientId' ] && [ -z '${OCM_ADDON_SERVICE_CLIENT_ID}' ]) && cat ./secrets/ocm-addon-service.clientId || echo '${OCM_ADDON_SERVICE_CLIENT_ID}')" \
-		-p OCM_ADDON_SERVICE_CLIENT_SECRET="$(shell ([ -s './secrets/ocm-addon-service.clientSecret' ] && [ -z '${OCM_ADDON_SERVICE_CLIENT_SECRET}' ]) && cat ./secrets/ocm-addon-service.clientSecret || echo '${OCM_ADDON_SERVICE_CLIENT_SECRET}')" \
-		-p OCM_ADDON_SERVICE_TOKEN="$(shell ([ -s './secrets/ocm-addon-service.token' ] && [ -z '${OCM_ADDON_SERVICE_TOKEN}' ]) && cat ./secrets/ocm-addon-service.token || echo '${OCM_ADDON_SERVICE_TOKEN}')" \
 		-p AWS_ACCESS_KEY="$(shell ([ -s './secrets/aws.accesskey' ] && [ -z '${AWS_ACCESS_KEY}' ]) && cat ./secrets/aws.accesskey || echo '${AWS_ACCESS_KEY}')" \
 		-p AWS_ACCOUNT_ID="$(shell ([ -s './secrets/aws.accountid' ] && [ -z '${AWS_ACCOUNT_ID}' ]) && cat ./secrets/aws.accountid || echo '${AWS_ACCOUNT_ID}')" \
 		-p AWS_SECRET_ACCESS_KEY="$(shell ([ -s './secrets/aws.secretaccesskey' ] && [ -z '${AWS_SECRET_ACCESS_KEY}' ]) && cat ./secrets/aws.secretaccesskey || echo '${AWS_SECRET_ACCESS_KEY}')" \
@@ -702,7 +693,6 @@ deploy/service: ENABLE_CENTRAL_EXTERNAL_DOMAIN ?= "false"
 deploy/service: ENABLE_CENTRAL_LIFE_SPAN ?= "false"
 deploy/service: CENTRAL_LIFE_SPAN ?= "48"
 deploy/service: OCM_URL ?= "https://api.stage.openshift.com"
-deploy/service: OCM_ADDON_SERVICE_URL ?= "https://api.stage.openshift.com"
 deploy/service: SERVICE_PUBLIC_HOST_URL ?= "https://api.openshift.com"
 deploy/service: ENABLE_TERMS_ACCEPTANCE ?= "false"
 deploy/service: ENABLE_DENY_LIST ?= "false"
@@ -738,7 +728,6 @@ endif
 		-p ENABLE_OCM_MOCK=$(ENABLE_OCM_MOCK) \
 		-p OCM_MOCK_MODE=$(OCM_MOCK_MODE) \
 		-p OCM_URL="$(OCM_URL)" \
-		-p OCM_ADDON_SERVICE_URL="$(OCM_ADDON_SERVICE_URL)" \
 		-p AMS_URL="${AMS_URL}" \
 		-p SERVICE_PUBLIC_HOST_URL="https://$(shell oc get routes/fleet-manager -o jsonpath="{.spec.host}" -n $(NAMESPACE))" \
 		-p ENABLE_TERMS_ACCEPTANCE="${ENABLE_TERMS_ACCEPTANCE}" \

config/emailsender-authz.yaml

@@ -1,7 +1,6 @@
-# For development we use ocm tokens issued by RH SSO to authenticate to emailsender API
-# for prod we use serviceaccount issued by the OSD cluster for centrals
-# this file should be replaced by a secret/configmap mounted to emailsender
-# with the fitting values per cluster through the fleetshard addon
+# For development, we use ocm tokens issued by RH SSO to authenticate to emailsender API.
+# For prod, we use serviceaccount issued by the OSD cluster for centrals.
+# This file should be replaced by a secret/configmap mounted to emailsender with the fitting values per cluster.
 ---
 jwks_urls:
   - "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/certs"

dashboards/grafana-dashboard-acs-fleet-manager.configmap.yaml

@@ -724,108 +724,6 @@ data:
             "type": "prometheus"
           },
           "description": "The number of centrals with no quota allowance."
-        },
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "${datasource}"
-          },
-          "description": "Shows the addon installation status on the Data Plane clusters ",
-          "fieldConfig": {
-            "defaults": {
-              "color": {
-                "mode": "thresholds"
-              },
-              "custom": {
-                "fillOpacity": 70,
-                "hideFrom": {
-                  "legend": false,
-                  "tooltip": false,
-                  "viz": false
-                },
-                "insertNulls": false,
-                "lineWidth": 0,
-                "spanNulls": false
-              },
-              "fieldMinMax": false,
-              "mappings": [
-                {
-                  "options": {
-                    "0": {
-                      "color": "green",
-                      "index": 0,
-                      "text": "Healthy"
-                    },
-                    "1": {
-                      "color": "orange",
-                      "index": 1,
-                      "text": "Upgrade"
-                    },
-                    "2": {
-                      "color": "red",
-                      "index": 1,
-                      "text": "Unhealthy"
-                    }
-                  },
-                  "type": "value"
-                }
-              ],
-              "thresholds": {
-                "mode": "absolute",
-                "steps": [
-                  {
-                    "color": "green",
-                    "value": null
-                  }
-                ]
-              }
-            },
-            "overrides": []
-          },
-          "gridPos": {
-            "h": 8,
-            "w": 12,
-            "x": 12,
-            "y": 42
-          },
-          "id": 16,
-          "options": {
-            "alignValue": "left",
-            "legend": {
-              "displayMode": "list",
-              "placement": "bottom",
-              "showLegend": true
-            },
-            "mergeValues": false,
-            "rowHeight": 0.9,
-            "showValue": "auto",
-            "tooltip": {
-              "mode": "single",
-              "sort": "none"
-            }
-          },
-          "targets": [
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "${datasource}"
-              },
-              "disableTextWrap": false,
-              "editorMode": "code",
-              "exemplar": false,
-              "expr": "max by(cluster_name) (acs_fleet_manager_cluster_addon_status{id=~\"acs-fleetshard-dev|acs-fleetshard-qe|acs-fleetshard\"})",
-              "format": "time_series",
-              "fullMetaSearch": false,
-              "includeNullMetadata": true,
-              "instant": false,
-              "legendFormat": "__auto",
-              "range": true,
-              "refId": "A",
-              "useBackend": false
-            }
-          ],
-          "title": "Addon Status",
-          "type": "state-timeline"
         }
       ],
       "schemaVersion": 37,

deploy/charts/fleetshard-sync/templates/deployment.yaml

@@ -130,10 +130,6 @@ spec:
           value: {{ .Values.gitops.enabled | quote }}
         - name: RHACS_TARGETED_OPERATOR_UPGRADES
           value: {{ .Values.targetedOperatorUpgrades.enabled | quote }}
-        - name: RHACS_ADDON_AUTO_UPGRADE
-          value: {{ .Values.addonAutoUpgradeEnabled | quote }}
-        - name: FLEETSHARD_ADDON_NAME
-          value: {{ .Values.addonName | quote }}
         {{- if eq "SERVICE_ACCOUNT_TOKEN" .Values.authType }}
         - name: FLEET_MANAGER_TOKEN_FILE
           value: "/var/run/secrets/tokens/fleet-manager-token"

deploy/charts/fleetshard-sync/values.yaml

@@ -54,8 +54,6 @@ targetedOperatorUpgrades:
 affinity: {}
 nodeSelector: {}
 tolerations: []
-addonAutoUpgradeEnabled: true
-addonName: acs-fleetshard
 tenantImagePullSecret:
   name: ""
   key: .dockerconfigjson

dev/env/defaults/00-defaults.env

@@ -30,9 +30,6 @@ export EMAIL_SENDER_IMAGE_DEFAULT=""
 export OCM_SERVICE_CLIENT_ID_DEFAULT=""
 export OCM_SERVICE_CLIENT_SECRET_DEFAULT=""
 export OCM_SERVICE_TOKEN_DEFAULT=""
-export OCM_ADDON_SERVICE_CLIENT_ID_DEFAULT=""
-export OCM_ADDON_SERVICE_CLIENT_SECRET_DEFAULT=""
-export OCM_ADDON_SERVICE_TOKEN_DEFAULT=""
 export ROUTE53_ACCESS_KEY_DEFAULT=""
 export ROUTE53_SECRET_ACCESS_KEY_DEFAULT=""
 export SPAWN_LOGGER_DEFAULT="false"