cryostatio · ebaron · Mar 19, 2024 · Mar 6, 2024
diff --git a/api/v1beta1/cryostat_conversion.go b/api/v1beta1/cryostat_conversion.go
@@ -42,7 +42,6 @@ func (src *Cryostat) ConvertTo(dstRaw conversion.Hub) error {
 }
 
 func convertSpecTo(src *CryostatSpec, dst *operatorv1beta2.CryostatSpec) {
-	dst.Minimal = src.Minimal
 	dst.EnableCertManager = src.EnableCertManager
 	dst.TrustedCertSecrets = convertCertSecretsTo(src.TrustedCertSecrets)
 	dst.EventTemplates = convertEventTemplatesTo(src.EventTemplates)
@@ -326,7 +325,6 @@ func (dst *Cryostat) ConvertFrom(srcRaw conversion.Hub) error {
 }
 
 func convertSpecFrom(src *operatorv1beta2.CryostatSpec, dst *CryostatSpec) {
-	dst.Minimal = src.Minimal
 	dst.EnableCertManager = src.EnableCertManager
 	dst.TrustedCertSecrets = convertCertSecretsFrom(src.TrustedCertSecrets)
 	dst.EventTemplates = convertEventTemplatesFrom(src.EventTemplates)

diff --git a/api/v1beta1/cryostat_conversion_test.go b/api/v1beta1/cryostat_conversion_test.go
@@ -81,7 +81,10 @@ func tableEntriesTo() []TableEntry {
 		Entry("WS connections", (*test.TestResources).NewCryostatWithWsConnectionsSpecV1Beta1,
 			(*test.TestResources).NewCryostat),
 		Entry("command config", (*test.TestResources).NewCryostatWithCommandConfigV1Beta1,
-			(*test.TestResources).NewCryostatWithIngress))
+			(*test.TestResources).NewCryostatWithIngress),
+		Entry("minimal mode", (*test.TestResources).NewCryostatWithMinimalModeV1Beta1,
+			(*test.TestResources).NewCryostat),
+	)
 }
 
 func tableEntriesFrom() []TableEntry {

diff --git a/api/v1beta2/cryostat_types.go b/api/v1beta2/cryostat_types.go
@@ -31,9 +31,6 @@ type CryostatSpec struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=2
 	TargetNamespaces []string `json:"targetNamespaces,omitempty"`
-	// Deploy a pared-down Cryostat instance with no Grafana Dashboard or JFR Data Source.
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=4,displayName="Minimal Deployment",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
-	Minimal bool `json:"minimal"`
 	// List of TLS certificates to trust when connecting to targets.
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Trusted TLS Certificates"

diff --git a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml
@@ -36,7 +36,6 @@ metadata:
           "spec": {
             "enableCertManager": true,
             "eventTemplates": [],
-            "minimal": false,
             "reportOptions": {
               "replicas": 0
             },
@@ -54,7 +53,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Monitoring, Developer Tools
     containerImage: quay.io/cryostat/cryostat-operator:2.5.0-dev
-    createdAt: "2024-03-15T21:38:16Z"
+    createdAt: "2024-03-18T06:34:51Z"
     description: JVM monitoring and profiling tool
     operatorframework.io/initialization-resource: |-
       {
@@ -65,7 +64,6 @@ metadata:
         },
         "spec": {
           "enableCertManager": true,
-          "minimal": false,
           "reportOptions": {
             "replicas": 0
           }
@@ -527,12 +525,6 @@ spec:
         path: enableCertManager
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - description: Deploy a pared-down Cryostat instance with no Grafana Dashboard
-          or JFR Data Source.
-        displayName: Minimal Deployment
-        path: minimal
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - description: Override default authorization properties for Cryostat on OpenShift.
         displayName: Authorization Properties
         path: authProperties

diff --git a/bundle/manifests/operator.cryostat.io_cryostats.yaml b/bundle/manifests/operator.cryostat.io_cryostats.yaml
@@ -4844,10 +4844,6 @@ spec:
                       credentials database.
                     type: string
                 type: object
-              minimal:
-                description: Deploy a pared-down Cryostat instance with no Grafana
-                  Dashboard or JFR Data Source.
-                type: boolean
               networkOptions:
                 description: Options to control how the operator exposes the application
                   outside of the cluster, such as using an Ingress or Route.
@@ -9056,8 +9052,6 @@ spec:
                   - secretName
                   type: object
                 type: array
-            required:
-            - minimal
             type: object
           status:
             description: CryostatStatus defines the observed state of Cryostat.

diff --git a/config/crd/bases/operator.cryostat.io_cryostats.yaml b/config/crd/bases/operator.cryostat.io_cryostats.yaml
@@ -4834,10 +4834,6 @@ spec:
                       credentials database.
                     type: string
                 type: object
-              minimal:
-                description: Deploy a pared-down Cryostat instance with no Grafana
-                  Dashboard or JFR Data Source.
-                type: boolean
               networkOptions:
                 description: Options to control how the operator exposes the application
                   outside of the cluster, such as using an Ingress or Route.
@@ -9046,8 +9042,6 @@ spec:
                   - secretName
                   type: object
                 type: array
-            required:
-            - minimal
             type: object
           status:
             description: CryostatStatus defines the observed state of Cryostat.

diff --git a/config/manifests/bases/cryostat-operator.clusterserviceversion.yaml b/config/manifests/bases/cryostat-operator.clusterserviceversion.yaml
@@ -15,7 +15,6 @@ metadata:
         },
         "spec": {
           "enableCertManager": true,
-          "minimal": false,
           "reportOptions": {
             "replicas": 0
           }
@@ -77,12 +76,6 @@ spec:
         path: enableCertManager
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - description: Deploy a pared-down Cryostat instance with no Grafana Dashboard
-          or JFR Data Source.
-        displayName: Minimal Deployment
-        path: minimal
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - description: Override default authorization properties for Cryostat on OpenShift.
         displayName: Authorization Properties
         path: authProperties

diff --git a/config/samples/operator_v1beta2_cryostat.yaml b/config/samples/operator_v1beta2_cryostat.yaml
@@ -3,7 +3,6 @@ kind: Cryostat
 metadata:
   name: cryostat-sample
 spec:
-  minimal: false
   enableCertManager: true
   trustedCertSecrets: []
   eventTemplates: []

diff --git a/docs/config.md b/docs/config.md
@@ -20,17 +20,6 @@ When installed in a multi-namespace manner, all users with access to a Cryostat
 
 For now, all authorization checks are done against the namespace where Cryostat is installed. For a user to use Cryostat with workloads in a target namespace, that user must have the necessary Kubernetes permissions in the namespace where Cryostat is installed.
 
-### Minimal Deployment
-The `spec.minimal` property determines what is deployed alongside Cryostat. This value is set to `false` by default, which tells the operator to deploy Cryostat, with a [customized Grafana](https://github.com/cryostatio/cryostat-grafana-dashboard) and a [Grafana Data Source for JFR files](https://github.com/cryostatio/jfr-datasource) as 3 containers within a Pod. When `minimal` is set to `true`, the Deployment consists of only the Cryostat container.
-```yaml
-apiVersion: operator.cryostat.io/v1beta1
-kind: Cryostat
-metadata:
-  name: cryostat-sample
-spec:
-  minimal: true
-```
-
 ### Disabling cert-manager Integration
 By default, the operator expects [cert-manager](https://cert-manager.io/) to be available in the cluster. The operator uses cert-manager to generate a self-signed CA to allow traffic between Cryostat components within the cluster to use HTTPS. If cert-manager is not available in the cluster, this integration can be disabled with the `spec.enableCertManager` property.
 ```yaml

diff --git a/internal/controllers/certmanager.go b/internal/controllers/certmanager.go
@@ -24,7 +24,6 @@ import (
 	resources "github.com/cryostatio/cryostat-operator/internal/controllers/common/resource_definitions"
 	"github.com/cryostatio/cryostat-operator/internal/controllers/model"
 	corev1 "k8s.io/api/core/v1"
-	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -95,26 +94,13 @@ func (r *Reconciler) setupTLS(ctx context.Context, cr *model.CryostatInstance) (
 	}
 	certificates := []*certv1.Certificate{caCert, cryostatCert, reportsCert}
 	// Create a certificate for Grafana signed by the Cryostat CA
-	if !cr.Spec.Minimal {
-		grafanaCert := resources.NewGrafanaCert(cr)
-		err = r.createOrUpdateCertificate(ctx, grafanaCert, cr.Object)
-		if err != nil {
-			return nil, err
-		}
-		certificates = append(certificates, grafanaCert)
-		tlsConfig.GrafanaSecret = grafanaCert.Spec.SecretName
-	} else {
-		grafanaCert := resources.NewGrafanaCert(cr)
-		secret := secretForCertificate(grafanaCert)
-		err = r.deleteSecret(ctx, secret)
-		if err != nil {
-			return nil, err
-		}
-		err = r.deleteCert(ctx, grafanaCert)
-		if err != nil {
-			return nil, err
-		}
+	grafanaCert := resources.NewGrafanaCert(cr)
+	err = r.createOrUpdateCertificate(ctx, grafanaCert, cr.Object)
+	if err != nil {
+		return nil, err
 	}
+	certificates = append(certificates, grafanaCert)
+	tlsConfig.GrafanaSecret = grafanaCert.Spec.SecretName
 
 	// Update owner references of TLS secrets created by cert-manager to ensure proper cleanup
 	err = r.setCertSecretOwner(ctx, cr.Object, certificates...)
@@ -211,15 +197,6 @@ func (r *Reconciler) setCertSecretOwner(ctx context.Context, owner metav1.Object
 	return nil
 }
 
-func secretForCertificate(cert *certv1.Certificate) *corev1.Secret {
-	return &corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      cert.Spec.SecretName,
-			Namespace: cert.Namespace,
-		},
-	}
-}
-
 func (r *Reconciler) certManagerAvailable() (bool, error) {
 	// Check if cert-manager API is available. Checking just one should be enough.
 	_, err := r.RESTMapper.RESTMapping(schema.GroupKind{
@@ -316,16 +293,6 @@ func (r *Reconciler) createOrUpdateCertSecret(ctx context.Context, secret *corev
 	return nil
 }
 
-func (r *Reconciler) deleteCert(ctx context.Context, cert *certv1.Certificate) error {
-	err := r.Client.Delete(ctx, cert)
-	if err != nil && !kerrors.IsNotFound(err) {
-		r.Log.Error(err, "Could not delete certificate", "name", cert.Name, "namespace", cert.Namespace)
-		return err
-	}
-	r.Log.Info("Cert deleted", "name", cert.Name, "namespace", cert.Namespace)
-	return nil
-}
-
 func (r *Reconciler) getCertficateBytes(ctx context.Context, cert *certv1.Certificate) ([]byte, error) {
 	secret, err := r.GetCertificateSecret(ctx, cert)
 	if err != nil {

diff --git a/internal/controllers/common/resource_definitions/resource_definitions.go b/internal/controllers/common/resource_definitions/resource_definitions.go
@@ -237,17 +237,10 @@ func NewDeploymentForReports(cr *model.CryostatInstance, imageTags *ImageTags, t
 
 func NewPodForCR(cr *model.CryostatInstance, specs *ServiceSpecs, imageTags *ImageTags,
 	tls *TLSConfig, fsGroup int64, openshift bool) *corev1.PodSpec {
-	var containers []corev1.Container
-	if cr.Spec.Minimal {
-		containers = []corev1.Container{
-			NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls, openshift),
-		}
-	} else {
-		containers = []corev1.Container{
-			NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls, openshift),
-			NewGrafanaContainer(cr, imageTags.GrafanaImageTag, tls),
-			NewJfrDatasourceContainer(cr, imageTags.DatasourceImageTag),
-		}
+	containers := []corev1.Container{
+		NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls, openshift),
+		NewGrafanaContainer(cr, imageTags.GrafanaImageTag, tls),
+		NewJfrDatasourceContainer(cr, imageTags.DatasourceImageTag),
 	}
 
 	volumes := newVolumeForCR(cr)
@@ -296,35 +289,31 @@ func NewPodForCR(cr *model.CryostatInstance, specs *ServiceSpecs, imageTags *Ima
 			},
 		})
 
-		keyVolume := corev1.Volume{
-			Name: "keystore",
-			VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					SecretName: tls.CryostatSecret,
-					Items: []corev1.KeyToPath{
-						{
-							Key:  "keystore.p12",
-							Path: "keystore.p12",
-							Mode: &readOnlyMode,
+		volumes = append(volumes,
+			corev1.Volume{
+				Name: "keystore",
+				VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName: tls.CryostatSecret,
+						Items: []corev1.KeyToPath{
+							{
+								Key:  "keystore.p12",
+								Path: "keystore.p12",
+								Mode: &readOnlyMode,
+							},
 						},
 					},
 				},
 			},
-		}
-
-		volumes = append(volumes, keyVolume)
-
-		if !cr.Spec.Minimal {
-			grafanaSecretVolume := corev1.Volume{
+			corev1.Volume{
 				Name: "grafana-tls-secret",
 				VolumeSource: corev1.VolumeSource{
 					Secret: &corev1.SecretVolumeSource{
 						SecretName: tls.GrafanaSecret,
 					},
 				},
-			}
-			volumes = append(volumes, grafanaSecretVolume)
-		}
+			},
+		)
 	}
 
 	// Project certificate secrets into deployment
@@ -886,26 +875,24 @@ func NewCoreContainer(cr *model.CryostatInstance, specs *ServiceSpecs, imageTag
 		},
 	})
 
-	if !cr.Spec.Minimal {
-		grafanaVars := []corev1.EnvVar{
-			{
-				Name:  "GRAFANA_DATASOURCE_URL",
-				Value: datasourceURL,
+	grafanaVars := []corev1.EnvVar{
+		{
+			Name:  "GRAFANA_DATASOURCE_URL",
+			Value: datasourceURL,
+		},
+	}
+	if specs.GrafanaURL != nil {
+		grafanaVars = append(grafanaVars,
+			corev1.EnvVar{
+				Name:  "GRAFANA_DASHBOARD_EXT_URL",
+				Value: specs.GrafanaURL.String(),
 			},
-		}
-		if specs.GrafanaURL != nil {
-			grafanaVars = append(grafanaVars,
-				corev1.EnvVar{
-					Name:  "GRAFANA_DASHBOARD_EXT_URL",
-					Value: specs.GrafanaURL.String(),
-				},
-				corev1.EnvVar{
-					Name:  "GRAFANA_DASHBOARD_URL",
-					Value: getInternalDashboardURL(tls),
-				})
-		}
-		envs = append(envs, grafanaVars...)
+			corev1.EnvVar{
+				Name:  "GRAFANA_DASHBOARD_URL",
+				Value: getInternalDashboardURL(tls),
+			})
 	}
+	envs = append(envs, grafanaVars...)
 
 	livenessProbeScheme := corev1.URISchemeHTTP
 	if tls == nil {

diff --git a/internal/controllers/ingresses.go b/internal/controllers/ingresses.go
@@ -61,10 +61,9 @@ func (r *Reconciler) reconcileGrafanaIngress(ctx context.Context, cr *model.Cryo
 		},
 	}
 
-	if cr.Spec.Minimal || cr.Spec.NetworkOptions == nil || cr.Spec.NetworkOptions.GrafanaConfig == nil ||
+	if cr.Spec.NetworkOptions == nil || cr.Spec.NetworkOptions.GrafanaConfig == nil ||
 		cr.Spec.NetworkOptions.GrafanaConfig.IngressSpec == nil {
-		// User has either chosen a minimal deployment or not requested
-		// an Ingress, delete if it exists
+		// User has not requested an Ingress, delete if it exists
 		return r.deleteIngress(ctx, ingress)
 	}
 	grafanaConfig := configureGrafanaIngress(cr)

diff --git a/internal/controllers/reconciler.go b/internal/controllers/reconciler.go
@@ -176,8 +176,6 @@ func (r *Reconciler) reconcileCryostat(ctx context.Context, cr *model.CryostatIn
 		}
 	}
 
-	reqLogger.Info("Spec", "Minimal", cr.Spec.Minimal)
-
 	// Create lock config map or fail if owned by another CR
 	err := r.reconcileLockConfigMap(ctx, cr)
 	if err != nil {