Review + update docs

pierDipi · pierDipi · commit ef76c90cef00 · 2026-02-18T18:28:50.000+01:00
Signed-off-by: Pierangelo Di Pilato &lt;pierdipi@redhat.com&gt;
diff --git a/Makefile b/Makefile
@@ -57,9 +57,6 @@ deploy-lws: check-kubeconfig clear-cache
 deploy-opendatahub-prerequisites: check-kubeconfig
 	@echo "=== Deploying OpenDataHub prerequisites ==="
 	kubectl create namespace $(KSERVE_NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
-	-kubectl get secret redhat-pull-secret -n istio-system -o yaml 2>/dev/null | \
-		sed 's/namespace: istio-system/namespace: $(KSERVE_NAMESPACE)/' | \
-		kubectl apply -f - 2>/dev/null || true
 
 deploy-cert-manager-pki: check-kubeconfig deploy-opendatahub-prerequisites
 	@kubectl get crd clusterissuers.cert-manager.io >/dev/null 2>&1 || \
diff --git a/charts/kserve/templates/resources.yaml b/charts/kserve/templates/resources.yaml
@@ -11,7 +11,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ $.Values.pullSecret.name }}
+  name: redhat-pull-secret
   namespace: {{ $ns }}
 type: kubernetes.io/dockerconfigjson
 data:
@@ -40,7 +40,7 @@ automountServiceAccountToken: {{ $resource.automountServiceAccountToken }}
 {{- end }}
 {{- if $.Values.pullSecret.dockerConfigJson }}
 imagePullSecrets:
-  - name: {{ $.Values.pullSecret.name }}
+  - name: redhat-pull-secret
   {{- range $resource.imagePullSecrets }}
   - name: {{ .name }}
   {{- end }}
diff --git a/charts/kserve/values.yaml b/charts/kserve/values.yaml
@@ -5,5 +5,4 @@
 # Pull secret for registry.redhat.io
 # Auth is configured in the root values.yaml and passed via helmfile
 pullSecret:
-  name: redhat-pull-secret
   dockerConfigJson: ""  # Set automatically by helmfile from root auth config
diff --git a/docs/deploying-llm-d-on-managed-kubernetes.md b/docs/deploying-llm-d-on-managed-kubernetes.md
@@ -514,10 +514,6 @@ make deploy-kserve
 **Resolution:**
 
 ```bash
-kubectl get secret redhat-pull-secret -n istio-system -o json | \
-  jq 'del(.metadata.resourceVersion, .metadata.uid, .metadata.creationTimestamp, .metadata.annotations, .metadata.labels) | .metadata.namespace = "opendatahub"' | \
-  kubectl create -f -
-
 kubectl patch sa inference-gateway-istio -n opendatahub \
   -p '{"imagePullSecrets": [{"name": "redhat-pull-secret"}]}'
 
diff --git a/docs/gateway-setup-for-kserve.md b/docs/gateway-setup-for-kserve.md
@@ -38,19 +38,7 @@ GATEWAY_NAME=inference-gateway \
 
 ## Manual Setup
 
-### Step 1: Copy Pull Secret
-
-The Gateway pod needs to pull Istio images from `registry.redhat.io`:
-
-```bash
-# Copy pull secret to opendatahub namespace
-kubectl delete secret redhat-pull-secret -n opendatahub --ignore-not-found
-kubectl get secret redhat-pull-secret -n istio-system -o json | \
-  jq 'del(.metadata.resourceVersion, .metadata.uid, .metadata.creationTimestamp, .metadata.annotations, .metadata.labels) | .metadata.namespace = "opendatahub"' | \
-  kubectl create -f -
-```
-
-### Step 2: Extract CA and Create ConfigMap
+### Step 1: Extract CA and Create ConfigMap
 
 ```bash
 # Extract CA certificate from cert-manager secret
@@ -71,7 +59,7 @@ kubectl create configmap odh-ca-bundle \
   --dry-run=client -o yaml | kubectl apply -f -
 ```
 
-### Step 3: Create Gateway Configuration ConfigMap
+### Step 2: Create Gateway Configuration ConfigMap
 
 This configures the Gateway pod to mount the CA bundle at the path expected by
 LLM workloads (`/var/run/secrets/opendatahub/ca.crt`).
@@ -101,7 +89,7 @@ data:
 EOF
 ```
 
-### Step 4: Create the Gateway
+### Step 3: Create the Gateway
 
 ```bash
 kubectl apply -f - <<'EOF'
@@ -129,7 +117,7 @@ spec:
 EOF
 ```
 
-### Step 5: Patch ServiceAccount and Restart Pod
+### Step 4: Patch ServiceAccount and Restart Pod
 
 The Gateway ServiceAccount needs the pull secret to pull Istio images:
 
@@ -147,7 +135,7 @@ kubectl wait --for=condition=Ready pod \
   -n opendatahub --timeout=120s
 ```
 
-### Step 6: Verify
+### Step 5: Verify
 
 ```bash
 # Check Gateway is programmed
diff --git a/scripts/setup-gateway.sh b/scripts/setup-gateway.sh
@@ -172,25 +172,6 @@ EOF
   fi
 }
 
-copy_pull_secret() {
-  log_info "Copying pull secret to ${KSERVE_NAMESPACE}..."
-
-  # Check if pull secret exists in istio-system
-  if ! kubectl get secret "${REDHAT_PULL_SECRET}" -n istio-system &>/dev/null; then
-    log_error "Pull secret ${REDHAT_PULL_SECRET} not found in istio-system namespace"
-    log_error "Run 'make deploy' first to deploy infrastructure with pull secret"
-    return 1
-  fi
-
-  # Delete existing secret to avoid conflicts, then create fresh copy
-  kubectl delete secret "${REDHAT_PULL_SECRET}" -n "${KSERVE_NAMESPACE}" --ignore-not-found
-  kubectl get secret "${REDHAT_PULL_SECRET}" -n istio-system -o yaml | \
-    sed "s/namespace: istio-system/namespace: ${KSERVE_NAMESPACE}/" | \
-    kubectl create -f -
-
-  log_success "Pull secret copied to ${KSERVE_NAMESPACE}"
-}
-
 pull_secret_setup() {
   log_info "Patching ServiceAccount ${ISTIO_SERVICEACCOUNT} with pull secret..."
 
@@ -278,7 +259,6 @@ main() {
     kubectl create namespace "${KSERVE_NAMESPACE}"
   fi
 
-  copy_pull_secret
   setup_ca_bundle
   create_gateway_config
   create_gateway
