securesign · JasonPowr · Apr 24, 2024 · Apr 2, 2024
diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go
@@ -17,7 +17,7 @@ type ExternalAccess struct {
 type MonitoringConfig struct {
 	// If true, the Operator will create monitoring resources
 	//+kubebuilder:validation:XValidation:rule=(self || !oldSelf),message=Feature cannot be disabled
-	//+kubebuilder:default:=false
+	//+kubebuilder:default:=true
 	Enabled bool `json:"enabled"`
 }
 

diff --git a/api/v1alpha1/fulcio_types_test.go b/api/v1alpha1/fulcio_types_test.go
@@ -142,7 +142,7 @@ var _ = Describe("Fulcio", func() {
 				validObject.Spec.Config.MetaIssuers = []OIDCIssuer{
 					{
 						ClientID: "client",
-						Type: "email",
+						Type:     "email",
 					},
 				}
 

diff --git a/api/v1alpha1/securesign_types.go b/api/v1alpha1/securesign_types.go
@@ -28,10 +28,6 @@ type SecuresignSpec struct {
 	Rekor    RekorSpec    `json:"rekor,omitempty"`
 	Fulcio   FulcioSpec   `json:"fulcio,omitempty"`
 	Trillian TrillianSpec `json:"trillian,omitempty"`
-	// If true, the Operator will create segment backup job and cronjob and required RBAC
-	//+kubebuilder:validation:XValidation:rule=(self || !oldSelf),message=Feature cannot be disabled
-	//+kubebuilder:default:=false
-	Analytics bool `json:"analytics"`
 	//+kubebuilder:default:={keys:{{name: rekor.pub},{name: ctfe.pub},{name: fulcio_v1.crt.pem}}}
 	Tuf   TufSpec   `json:"tuf,omitempty"`
 	Ctlog CTlogSpec `json:"ctlog,omitempty"`

diff --git a/bundle/manifests/rhtas-operator.clusterserviceversion.yaml b/bundle/manifests/rhtas-operator.clusterserviceversion.yaml
@@ -101,15 +101,15 @@ metadata:
                 "enabled": true
               },
               "monitoring": {
-                "enabled": false
+                "enabled": true
               }
             },
             "rekor": {
               "externalAccess": {
                 "enabled": true
               },
               "monitoring": {
-                "enabled": false
+                "enabled": true
               }
             },
             "trillian": {

diff --git a/bundle/manifests/rhtas.redhat.com_fulcios.yaml b/bundle/manifests/rhtas.redhat.com_fulcios.yaml
@@ -242,7 +242,7 @@ spec:
                 description: Enable Service monitors for fulcio
                 properties:
                   enabled:
-                    default: false
+                    default: true
                     description: If true, the Operator will create monitoring resources
                     type: boolean
                     x-kubernetes-validations:

diff --git a/bundle/manifests/rhtas.redhat.com_rekors.yaml b/bundle/manifests/rhtas.redhat.com_rekors.yaml
@@ -91,7 +91,7 @@ spec:
                 description: Enable Service monitors for rekor
                 properties:
                   enabled:
-                    default: false
+                    default: true
                     description: If true, the Operator will create monitoring resources
                     type: boolean
                     x-kubernetes-validations:

diff --git a/bundle/manifests/rhtas.redhat.com_securesigns.yaml b/bundle/manifests/rhtas.redhat.com_securesigns.yaml
@@ -371,7 +371,7 @@ spec:
                     description: Enable Service monitors for fulcio
                     properties:
                       enabled:
-                        default: false
+                        default: true
                         description: If true, the Operator will create monitoring
                           resources
                         type: boolean
@@ -443,7 +443,7 @@ spec:
                     description: Enable Service monitors for rekor
                     properties:
                       enabled:
-                        default: false
+                        default: true
                         description: If true, the Operator will create monitoring
                           resources
                         type: boolean

diff --git a/config/crd/bases/rhtas.redhat.com_ctlogs.yaml b/config/crd/bases/rhtas.redhat.com_ctlogs.yaml
@@ -48,7 +48,7 @@ spec:
                 description: Enable Service monitors for ctlog
                 properties:
                   enabled:
-                    default: false
+                    default: true
                     description: If true, the Operator will create monitoring resources
                     type: boolean
                     x-kubernetes-validations:

diff --git a/config/crd/bases/rhtas.redhat.com_fulcios.yaml b/config/crd/bases/rhtas.redhat.com_fulcios.yaml
@@ -242,7 +242,7 @@ spec:
                 description: Enable Service monitors for fulcio
                 properties:
                   enabled:
-                    default: false
+                    default: true
                     description: If true, the Operator will create monitoring resources
                     type: boolean
                     x-kubernetes-validations:

diff --git a/config/crd/bases/rhtas.redhat.com_rekors.yaml b/config/crd/bases/rhtas.redhat.com_rekors.yaml
@@ -91,7 +91,7 @@ spec:
                 description: Enable Service monitors for rekor
                 properties:
                   enabled:
-                    default: false
+                    default: true
                     description: If true, the Operator will create monitoring resources
                     type: boolean
                     x-kubernetes-validations:

diff --git a/config/crd/bases/rhtas.redhat.com_securesigns.yaml b/config/crd/bases/rhtas.redhat.com_securesigns.yaml
@@ -56,22 +56,14 @@ spec:
           spec:
             description: SecuresignSpec defines the desired state of Securesign
             properties:
-              analytics:
-                default: false
-                description: If true, the Operator will create segment backup job
-                  and cronjob and required RBAC
-                type: boolean
-                x-kubernetes-validations:
-                - message: Feature cannot be disabled
-                  rule: (self || !oldSelf)
               ctlog:
                 description: CTlogSpec defines the desired state of CTlog component
                 properties:
                   monitoring:
                     description: Enable Service monitors for ctlog
                     properties:
                       enabled:
-                        default: false
+                        default: true
                         description: If true, the Operator will create monitoring
                           resources
                         type: boolean
@@ -371,7 +363,7 @@ spec:
                     description: Enable Service monitors for fulcio
                     properties:
                       enabled:
-                        default: false
+                        default: true
                         description: If true, the Operator will create monitoring
                           resources
                         type: boolean
@@ -443,7 +435,7 @@ spec:
                     description: Enable Service monitors for rekor
                     properties:
                       enabled:
-                        default: false
+                        default: true
                         description: If true, the Operator will create monitoring
                           resources
                         type: boolean
@@ -641,7 +633,7 @@ spec:
                     description: Enable Monitoring for Logsigner and Logserver
                     properties:
                       enabled:
-                        default: false
+                        default: true
                         description: If true, the Operator will create monitoring
                           resources
                         type: boolean
@@ -723,8 +715,6 @@ spec:
                     minimum: 1
                     type: integer
                 type: object
-            required:
-            - analytics
             type: object
           status:
             description: SecuresignStatus defines the observed state of Securesign

diff --git a/config/crd/bases/rhtas.redhat.com_trillians.yaml b/config/crd/bases/rhtas.redhat.com_trillians.yaml
@@ -125,7 +125,7 @@ spec:
                 description: Enable Monitoring for Logsigner and Logserver
                 properties:
                   enabled:
-                    default: false
+                    default: true
                     description: If true, the Operator will create monitoring resources
                     type: boolean
                     x-kubernetes-validations:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -158,6 +158,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - prometheuses/api
+  verbs:
+  - create
+  - get
+  - update
 - apiGroups:
   - monitoring.coreos.com
   resources:
@@ -233,6 +241,7 @@ rules:
   verbs:
   - create
   - delete
+  - deletecollection
   - get
   - list
   - patch
@@ -245,6 +254,7 @@ rules:
   verbs:
   - create
   - delete
+  - deletecollection
   - get
   - list
   - patch
@@ -257,6 +267,7 @@ rules:
   verbs:
   - create
   - delete
+  - deletecollection
   - get
   - list
   - patch

diff --git a/config/samples/rhtas_v1alpha1_securesign.yaml b/config/samples/rhtas_v1alpha1_securesign.yaml
@@ -5,14 +5,15 @@ metadata:
     app.kubernetes.io/name: securesign-sample
     app.kubernetes.io/instance: securesign-sample
     app.kubernetes.io/part-of: trusted-artifact-signer
+  annotations:
+    rhtas.redhat.com/metrics: "true"
   name: securesign-sample
-  namespace: rhtas-operator
 spec:
   rekor:
     externalAccess:
       enabled: true
     monitoring:
-      enabled: false
+      enabled: true
   trillian:
     database:
       create: true
@@ -30,7 +31,7 @@ spec:
       organizationEmail: jdoe@redhat.com
       commonName: fulcio.hostname
     monitoring:
-      enabled: false
+      enabled: true
   tuf:
     externalAccess:
       enabled: true