From aff1ceed8f8dd4bf3cb2ff765de68c615c34efbc Mon Sep 17 00:00:00 2001 From: greg pereira Date: Tue, 2 Apr 2024 09:50:29 -0700 Subject: [PATCH 1/2] swapping default monitoring behaviour to off --- api/v1alpha1/common.go | 2 +- .../rhtas-operator.clusterserviceversion.yaml | 6 +++--- bundle/manifests/rhtas.redhat.com_fulcios.yaml | 2 +- bundle/manifests/rhtas.redhat.com_rekors.yaml | 2 +- bundle/manifests/rhtas.redhat.com_securesigns.yaml | 4 ++-- bundle/metadata/annotations.yaml | 11 ----------- config/crd/bases/rhtas.redhat.com_fulcios.yaml | 2 +- config/crd/bases/rhtas.redhat.com_rekors.yaml | 2 +- config/crd/bases/rhtas.redhat.com_securesigns.yaml | 4 ++-- config/default/manager_auth_proxy_patch.yaml | 2 +- config/samples/rhtas_v1alpha1_securesign.yaml | 4 ++-- 11 files changed, 15 insertions(+), 26 deletions(-) diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go index 3bb8edbd..4eeec693 100644 --- a/api/v1alpha1/common.go +++ b/api/v1alpha1/common.go @@ -17,7 +17,7 @@ type ExternalAccess struct { type MonitoringConfig struct { // If true, the Operator will create monitoring resources //+kubebuilder:validation:XValidation:rule=(self || !oldSelf),message=Feature cannot be disabled - //+kubebuilder:default:=true + //+kubebuilder:default:=false Enabled bool `json:"enabled"` } diff --git a/bundle/manifests/rhtas-operator.clusterserviceversion.yaml b/bundle/manifests/rhtas-operator.clusterserviceversion.yaml index 59c193de..ed1d6730 100644 --- a/bundle/manifests/rhtas-operator.clusterserviceversion.yaml +++ b/bundle/manifests/rhtas-operator.clusterserviceversion.yaml @@ -110,7 +110,7 @@ metadata: "enabled": true }, "monitoring": { - "enabled": true + "enabled": false } }, "rekor": { @@ -118,7 +118,7 @@ metadata: "enabled": true }, "monitoring": { - "enabled": true + "enabled": false } }, "trillian": { @@ -189,7 +189,7 @@ metadata: } ] capabilities: Basic Install - createdAt: "2024-04-02T08:05:15Z" + createdAt: "2024-04-02T16:39:44Z" operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 name: rhtas-operator.v1.0.0 diff --git a/bundle/manifests/rhtas.redhat.com_fulcios.yaml b/bundle/manifests/rhtas.redhat.com_fulcios.yaml index c96f1169..ac60e7c3 100644 --- a/bundle/manifests/rhtas.redhat.com_fulcios.yaml +++ b/bundle/manifests/rhtas.redhat.com_fulcios.yaml @@ -241,7 +241,7 @@ spec: description: Enable Service monitors for fulcio properties: enabled: - default: true + default: false description: If true, the Operator will create monitoring resources type: boolean x-kubernetes-validations: diff --git a/bundle/manifests/rhtas.redhat.com_rekors.yaml b/bundle/manifests/rhtas.redhat.com_rekors.yaml index c17d9f87..5c2781fb 100644 --- a/bundle/manifests/rhtas.redhat.com_rekors.yaml +++ b/bundle/manifests/rhtas.redhat.com_rekors.yaml @@ -91,7 +91,7 @@ spec: description: Enable Service monitors for rekor properties: enabled: - default: true + default: false description: If true, the Operator will create monitoring resources type: boolean x-kubernetes-validations: diff --git a/bundle/manifests/rhtas.redhat.com_securesigns.yaml b/bundle/manifests/rhtas.redhat.com_securesigns.yaml index a3c44aa6..f1371ede 100644 --- a/bundle/manifests/rhtas.redhat.com_securesigns.yaml +++ b/bundle/manifests/rhtas.redhat.com_securesigns.yaml @@ -347,7 +347,7 @@ spec: description: Enable Service monitors for fulcio properties: enabled: - default: true + default: false description: If true, the Operator will create monitoring resources type: boolean @@ -419,7 +419,7 @@ spec: description: Enable Service monitors for rekor properties: enabled: - default: true + default: false description: If true, the Operator will create monitoring resources type: boolean diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index afff15d7..05e378f9 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -23,14 +23,3 @@ annotations: features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" - - features.operators.openshift.io/disconnected: "false" - features.operators.openshift.io/fips-compliant: "false" - features.operators.openshift.io/proxy-aware: "false" - features.operators.openshift.io/cnf: "false" - features.operators.openshift.io/cni: "false" - features.operators.openshift.io/csi: "false" - features.operators.openshift.io/tls-profiles: "false" - features.operators.openshift.io/token-auth-aws: "false" - features.operators.openshift.io/token-auth-azure: "false" - features.operators.openshift.io/token-auth-gcp: "false" diff --git a/config/crd/bases/rhtas.redhat.com_fulcios.yaml b/config/crd/bases/rhtas.redhat.com_fulcios.yaml index 9a198ab4..d0da89e8 100644 --- a/config/crd/bases/rhtas.redhat.com_fulcios.yaml +++ b/config/crd/bases/rhtas.redhat.com_fulcios.yaml @@ -241,7 +241,7 @@ spec: description: Enable Service monitors for fulcio properties: enabled: - default: true + default: false description: If true, the Operator will create monitoring resources type: boolean x-kubernetes-validations: diff --git a/config/crd/bases/rhtas.redhat.com_rekors.yaml b/config/crd/bases/rhtas.redhat.com_rekors.yaml index 3a3dd461..36b81800 100644 --- a/config/crd/bases/rhtas.redhat.com_rekors.yaml +++ b/config/crd/bases/rhtas.redhat.com_rekors.yaml @@ -91,7 +91,7 @@ spec: description: Enable Service monitors for rekor properties: enabled: - default: true + default: false description: If true, the Operator will create monitoring resources type: boolean x-kubernetes-validations: diff --git a/config/crd/bases/rhtas.redhat.com_securesigns.yaml b/config/crd/bases/rhtas.redhat.com_securesigns.yaml index 29347d5a..fd51332d 100644 --- a/config/crd/bases/rhtas.redhat.com_securesigns.yaml +++ b/config/crd/bases/rhtas.redhat.com_securesigns.yaml @@ -347,7 +347,7 @@ spec: description: Enable Service monitors for fulcio properties: enabled: - default: true + default: false description: If true, the Operator will create monitoring resources type: boolean @@ -419,7 +419,7 @@ spec: description: Enable Service monitors for rekor properties: enabled: - default: true + default: false description: If true, the Operator will create monitoring resources type: boolean diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index b2e8355f..61243c8a 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -31,7 +31,7 @@ spec: capabilities: drop: - "ALL" - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:d4883d7c622683b3319b5e6b3a7edfbf2594c18060131a8bf64504805f875522 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/config/samples/rhtas_v1alpha1_securesign.yaml b/config/samples/rhtas_v1alpha1_securesign.yaml index 0a72542b..64ca2f22 100644 --- a/config/samples/rhtas_v1alpha1_securesign.yaml +++ b/config/samples/rhtas_v1alpha1_securesign.yaml @@ -12,7 +12,7 @@ spec: externalAccess: enabled: true monitoring: - enabled: true + enabled: false trillian: database: create: true @@ -30,7 +30,7 @@ spec: organizationEmail: jdoe@redhat.com commonName: fulcio.hostname monitoring: - enabled: true + enabled: false tuf: externalAccess: enabled: true From 686d60576552321b078d957d525d3e4f58f4eb29 Mon Sep 17 00:00:00 2001 From: greg pereira Date: Tue, 2 Apr 2024 09:51:09 -0700 Subject: [PATCH 2/2] unifying operator-sdk verison references to downgraded v1.32.0 Signed-off-by: greg pereira --- Makefile | 2 +- bundle.Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 9511cbac..4b0d2f55 100644 --- a/Makefile +++ b/Makefile @@ -49,7 +49,7 @@ endif # Set the Operator SDK version to use. By default, what is installed on the system is used. # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. -OPERATOR_SDK_VERSION ?= v1.33.0 +OPERATOR_SDK_VERSION ?= v1.32.0 # Image URL to use all building/pushing image targets ifdef IMAGE_TAG diff --git a/bundle.Dockerfile b/bundle.Dockerfile index 4b038e2b..ce159b9a 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -6,7 +6,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=rhtas-operator LABEL operators.operatorframework.io.bundle.channels.v1=alpha -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.33.0 +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.32.0 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3