securesign · osmman · Dec 11, 2023
diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ This chart extends all the features in the upstream chart in addition to includi
 ### Installing from the Chart Repository
 
 For a quickstart on how to install Sigstore components on OpenShift refer to the
-[quickstart quide](./quick-start-with-keycloak.md)
+[quickstart quide](docs/quick-start-with-keycloak.md)
 
 ## Scaffolding Chart
 

diff --git a/charts/trusted-artifact-signer/Chart.yaml b/charts/trusted-artifact-signer/Chart.yaml
@@ -33,4 +33,4 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.26
+version: 0.1.27
diff --git a/charts/trusted-artifact-signer/README.md b/charts/trusted-artifact-signer/README.md
@@ -3,15 +3,15 @@
 
 A Helm chart for deploying Sigstore scaffold chart that is opinionated for OpenShift
 
-![Version: 0.1.26](https://img.shields.io/badge/Version-0.1.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.1.27](https://img.shields.io/badge/Version-0.1.27-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 ## Overview
 
 This wrapper chart builds on top of the [Scaffold](https://github.com/sigstore/helm-charts/tree/main/charts/scaffold)
 chart from the Sigstore project to both simplify and satisfy the requirements for deployment within an OpenShift
 
 If you have already read this document and want a quick no-fail path to installing a Sigstore stack with RH SSO,
-follow [quick start](../../quick-start-with-keycloak.md)
+follow [quick start](../../docs/quick-start-with-keycloak.md)
 
 The chart enhances the scaffold chart by taking care of the following:
 
@@ -40,9 +40,9 @@ scaffold:
 The following must be satisfied prior to deploying the sample implementation:
 
 * Fulcio root CA certificate and signing keys
-    * More information in [requirements-keys-certs.md](../../requirements-keys-certs.md)
+    * More information in [requirements-keys-certs.md](../../docs/requirements-keys-certs.md)
 * OpenID Token Issuer endpoint
-    * Keycloak/RHSSO requirements can be followed and deployed in OpenShift with [keycloak-example.md](../../keycloak-example.md)
+    * Keycloak/RHSSO requirements can be followed and deployed in OpenShift with [keycloak-example.md](../../docs/keycloak-example.md)
 
 #### Update the values file
 
@@ -66,11 +66,11 @@ OPENSHIFT_APPS_SUBDOMAIN=apps.$(oc get dns cluster -o jsonpath='{ .spec.baseDoma
 
 ### Monitor Sigstore Components with Grafana
 
-For real-time analytics through Grafana, refer to our [enable-grafana-monitoring.md](../../enable-grafana-monitoring.md) guide.
+For real-time analytics through Grafana, refer to our [enable-grafana-monitoring.md](../../docs/enable-grafana-monitoring.md) guide.
 
 ### Sign and/or verify artifacts!
 
-Follow [this](../../sign-verify.md) to sign and/or verify artifacts.
+Follow [this](../../docs/sign-verify.md) to sign and/or verify artifacts.
 
 ## Requirements
 

diff --git a/charts/trusted-artifact-signer/README.md.gotmpl b/charts/trusted-artifact-signer/README.md.gotmpl
@@ -9,7 +9,7 @@ This wrapper chart builds on top of the [Scaffold](https://github.com/sigstore/h
 chart from the Sigstore project to both simplify and satisfy the requirements for deployment within an OpenShift
 
 If you have already read this document and want a quick no-fail path to installing a Sigstore stack with RH SSO,
-follow [quick start](../../quick-start-with-keycloak.md)
+follow [quick start](../../docs/quick-start-with-keycloak.md)
 
 The chart enhances the scaffold chart by taking care of the following:
 
@@ -38,9 +38,9 @@ scaffold:
 The following must be satisfied prior to deploying the sample implementation:
 
 * Fulcio root CA certificate and signing keys
-    * More information in [requirements-keys-certs.md](../../requirements-keys-certs.md)
+    * More information in [requirements-keys-certs.md](../../docs/requirements-keys-certs.md)
 * OpenID Token Issuer endpoint
-    * Keycloak/RHSSO requirements can be followed and deployed in OpenShift with [keycloak-example.md](../../keycloak-example.md)
+    * Keycloak/RHSSO requirements can be followed and deployed in OpenShift with [keycloak-example.md](../../docs/keycloak-example.md)
 
 #### Update the values file
 
@@ -64,11 +64,11 @@ OPENSHIFT_APPS_SUBDOMAIN=apps.$(oc get dns cluster -o jsonpath='{ .spec.baseDoma
 
 ### Monitor Sigstore Components with Grafana
 
-For real-time analytics through Grafana, refer to our [enable-grafana-monitoring.md](../../enable-grafana-monitoring.md) guide.
+For real-time analytics through Grafana, refer to our [enable-grafana-monitoring.md](../../docs/enable-grafana-monitoring.md) guide.
 
 ### Sign and/or verify artifacts!
 
-Follow [this](../../sign-verify.md) to sign and/or verify artifacts.
+Follow [this](../../docs/sign-verify.md) to sign and/or verify artifacts.
 
 {{ template "chart.requirementsSection" . }}
 

diff --git a/charts/trusted-artifact-signer/values.yaml b/charts/trusted-artifact-signer/values.yaml
@@ -15,6 +15,8 @@ configs:
       pullPolicy: IfNotPresent
     rolebindings:
       - segment-backup-job
+    name: segment-backup-job
+    namespace: trusted-artifact-signer-monitoring
   clientserver:
     # -- Whether to create the OpenShift resource 'ConsoleCLIDownload' for each binary.
     # -- This can only be enabled if the OpenShift CRD is registered.

diff --git a/configure-oidc.md → docs/configure-oidc.md b/configure-oidc.md → docs/configure-oidc.md
@@ -55,7 +55,7 @@ The OIDC issuer environment variable must point to Google rather than Keycloak i
 ```
 export OIDC_ISSUER_URL=https://accounts.google.com
 ```
-This value overrides what is specified in the [sign-verify documentation](https://github.com/securesign/sigstore-ocp/blob/main/sign-verify.md). Be careful to avoid resetting `OIDC_ISSUER_URL` when using the `sign-verify` documentation steps or sourcing the `tas-env-variables.sh` script. You can check what the environment variable's value is by issuing
+This value overrides what is specified in the [sign-verify documentation](sign-verify.md). Be careful to avoid resetting `OIDC_ISSUER_URL` when using the `sign-verify` documentation steps or sourcing the `tas-env-variables.sh` script. You can check what the environment variable's value is by issuing
 
 ```
 $ echo $OIDC_ISSUER_URL

diff --git a/hack/configure-self-signed-cluster.md → docs/configure-self-signed-cluster.md b/hack/configure-self-signed-cluster.md → docs/configure-self-signed-cluster.md
@@ -31,4 +31,4 @@ fulcio to trust the ingress certificate for the keycloak OIDC endpoint.
 oc patch deployment/fulcio-server -n fulcio-system --patch-file /path/to/securesign/sigstore-ocp/hack/fulcio-patch-self-signed-oidc.yaml
 ```
 
-Now wait for all jobs to complete, then sign as usual. Refer to [the sign and verify doc](../sign-verify.md).
+Now wait for all jobs to complete, then sign as usual. Refer to [the sign and verify doc](sign-verify.md).
diff --git a/enable-grafana-monitoring.md → docs/enable-grafana-monitoring.md b/enable-grafana-monitoring.md → docs/enable-grafana-monitoring.md
diff --git a/keycloak-example.md → docs/keycloak-example.md b/keycloak-example.md → docs/keycloak-example.md
@@ -23,14 +23,14 @@ oc apply --kustomize keycloak/resources/base
 
 ### Add keycloak user and/or credentials
 
-Refer to the [user custom resource](./keycloak/resources/base/user.yaml)
+Refer to the [user custom resource](../keycloak/resources/base/user.yaml)
 for how to create a keycloak user. For testing, a user `jdoe@redhat.com` with password: `secure` is created.
 
 You can access the keycloak route and login as the admin user to set credentials in the keycloak admin console.
 To get the keycloak admin credentials, run `oc extract secret/credential-keycloak -n keycloak-system`.
 This will create an `ADMIN_PASSWORD` file with which to login.
 
-The example custom resource defined in [example-user.yaml](./keycloak/resources/example-user.yaml) can be modified and created:
+The example custom resource defined in [example-user.yaml](../keycloak/resources/example-user.yaml) can be modified and created:
 
 ```bash
 # modify to include user details

diff --git a/quick-start-with-keycloak.md → docs/quick-start-with-keycloak.md b/quick-start-with-keycloak.md → docs/quick-start-with-keycloak.md
@@ -1,7 +1,7 @@
 ## Quick Start with Keycloak OIDC
 
 No-Fail steps to get a working sigstore stack with OpenShift
-Note: [This script](tas-easy-install.sh) will alternatively automate the following workflow. It will create and configure RHSSO and the Sigstore stack. It requires a connection to OpenShift with cluster-admin privileges.
+Note: [This script](../tas-easy-install.sh) will alternatively automate the following workflow. It will create and configure RHSSO and the Sigstore stack. It requires a connection to OpenShift with cluster-admin privileges.
 
 1. Install RHSSO Operator and deploy Sigstore Keycloak
 
@@ -37,4 +37,4 @@ OPENSHIFT_APPS_SUBDOMAIN=apps.$(oc get dns cluster -o jsonpath='{ .spec.baseDoma
 A good way to tell if things are progressing well is to watch `oc get jobs -A` and when the tuf-system job is complete,
 things should be ready.
 
-Once complete, move to the [Sign & Verify document](./sign-verify.md) to test the Sigstore stack. 
+Once complete, move to the [Sign & Verify document](sign-verify.md) to test the Sigstore stack. 
diff --git a/requirements-keys-certs.md → docs/requirements-keys-certs.md b/requirements-keys-certs.md → docs/requirements-keys-certs.md
@@ -3,7 +3,7 @@
 Utilize the following commands and configurations to inject Fulcio root secret:
 
 First, generate a root key.
-Open [fulcio-create-CA script](./fulcio-create-root-ca-openssl.sh) to check out the commands before running it.
+Open [fulcio-create-CA script](../fulcio-create-root-ca-openssl.sh) to check out the commands before running it.
 The `openssl` commands are interactive.
 
 ```shell
@@ -36,7 +36,7 @@ configs:
 
 ## Rekor Signer Key
 
-Open [rekor create signer script](./rekor-create-signer-key.sh) to check out the commands before running it.
+Open [rekor create signer script](../rekor-create-signer-key.sh) to check out the commands before running it.
 Generate a signer key:
 
 ```shell

diff --git a/sign-verify.md → docs/sign-verify.md b/sign-verify.md → docs/sign-verify.md
@@ -1,6 +1,6 @@
 ## Signing a Container From the Local System
 
-Utilize the following steps to sign a container that has been published to an OCI registry, with the cosign client running on your local system and the RHTAS stack running in an OpenShift cluster as documented [here](../quick-start-with-keycloak.md).
+Utilize the following steps to sign a container that has been published to an OCI registry, with the cosign client running on your local system and the RHTAS stack running in an OpenShift cluster as documented [here](quick-start-with-keycloak.md).
 
 1. Export the following environment variables substituting `base_hostname` with the value used as part of the provisioning