From d226a0e7e733dd5a1793a1f39d352457f106e48c Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Wed, 10 Jan 2024 17:25:28 -0500 Subject: [PATCH] misc: remove production/ in favor of operations/ (#6107) This commit entirely removes the production/ folder in favor of operations/; all known valid external references to the old production folder have been removed. Closes #6077. --- .drone/drone.yml | 20 +- .drone/pipelines/test.jsonnet | 17 - Makefile | 12 +- .../grafana/dashboards/template.jsonnet | 4 +- example/docker-compose/jsonnetfile.json | 2 +- example/docker-compose/jsonnetfile.lock.json | 2 +- production/README.md | 1 - .../grafana-agent-mixin/alerts.libsonnet | 414 - .../grafana-agent-mixin/config.libsonnet | 13 - .../grafana-agent-mixin/dashboards.libsonnet | 789 -- .../grafana-agent-mixin/debugging.libsonnet | 128 - .../grafana-agent-mixin/jsonnetfile.json | 25 - .../grafana-agent-mixin/mixin.libsonnet | 4 - .../grafana-agent-mixin/utils.libsonnet | 34 - production/kubernetes/README.md | 50 - production/kubernetes/agent-bare.yaml | 115 - production/kubernetes/agent-loki.yaml | 100 - production/kubernetes/agent-traces.yaml | 154 - production/kubernetes/build/build.sh | 15 - production/kubernetes/build/jsonnetfile.json | 49 - .../kubernetes/build/jsonnetfile.lock.json | 74 - production/kubernetes/build/lib/k.libsonnet | 1 - .../kubernetes/build/lib/version.libsonnet | 1 - .../build/templates/bare/main.jsonnet | 41 - .../kubernetes/build/templates/bare/spec.json | 11 - .../build/templates/base-sigv4/main.jsonnet | 31 - .../build/templates/base-sigv4/spec.json | 11 - .../build/templates/base/main.jsonnet | 23 - .../kubernetes/build/templates/base/spec.json | 11 - .../build/templates/loki/main.jsonnet | 17 - .../kubernetes/build/templates/loki/spec.json | 11 - .../build/templates/operator/main.jsonnet | 160 - .../build/templates/operator/spec.json | 11 - .../build/templates/traces/main.jsonnet | 41 - .../build/templates/traces/spec.json | 11 - production/kubernetes/install-bare.sh | 34 - .../monitoring.coreos.com_podmonitors.yaml | 679 -- .../crds/monitoring.coreos.com_probes.yaml | 722 -- ...monitoring.coreos.com_servicemonitors.yaml | 709 -- .../monitoring.grafana.com_grafanaagents.yaml | 7795 ----------------- .../monitoring.grafana.com_integrations.yaml | 1738 ---- .../monitoring.grafana.com_logsinstances.yaml | 500 -- ...nitoring.grafana.com_metricsinstances.yaml | 861 -- .../crds/monitoring.grafana.com_podlogs.yaml | 588 -- .../operator/templates/agent-operator.yaml | 645 -- .../grafana-agent-operator/jsonnetfile.json | 34 - .../grafana-agent-operator/operator.libsonnet | 60 - .../util/grafana-agent.libsonnet | 23 - .../util/integrations.libsonnet | 17 - .../util/k8slogs.libsonnet | 33 - .../util/k8smonitors.libsonnet | 56 - .../util/logsinstance.libsonnet | 21 - .../util/metricsinstance.libsonnet | 20 - .../tanka/grafana-agent/config.libsonnet | 117 - .../grafana-agent/grafana-agent.libsonnet | 85 - .../tanka/grafana-agent/jsonnetfile.json | 14 - .../grafana-agent/scraping-svc/main.libsonnet | 107 - .../scraping-svc/syncer.libsonnet | 61 - .../smoke/avalanche/main.libsonnet | 49 - .../grafana-agent/smoke/crow/main.libsonnet | 36 - .../grafana-agent/smoke/etcd/main.libsonnet | 30 - .../tanka/grafana-agent/smoke/main.libsonnet | 69 - production/tanka/grafana-agent/v1/README.md | 79 - .../grafana-agent/v1/internal/agent.libsonnet | 72 - .../v1/internal/kubernetes_instance.libsonnet | 27 - .../v1/internal/kubernetes_logs.libsonnet | 7 - .../grafana-agent/v1/internal/utils.libsonnet | 36 - .../grafana-agent/v1/lib/deployment.libsonnet | 83 - .../v1/lib/integrations.libsonnet | 33 - .../tanka/grafana-agent/v1/lib/logs.libsonnet | 82 - .../grafana-agent/v1/lib/metrics.libsonnet | 116 - .../v1/lib/scraping_service.libsonnet | 4 - .../grafana-agent/v1/lib/traces.libsonnet | 121 - .../tanka/grafana-agent/v1/main.libsonnet | 142 - production/tanka/grafana-agent/v2/README.md | 84 - .../grafana-agent/v2/internal/base.libsonnet | 56 - .../internal/controllers/daemonset.libsonnet | 22 - .../internal/controllers/deployment.libsonnet | 22 - .../controllers/statefulset.libsonnet | 23 - .../v2/internal/helpers/k8s.libsonnet | 523 -- .../v2/internal/helpers/logs.libsonnet | 27 - .../v2/internal/helpers/service.libsonnet | 13 - .../v2/internal/syncer.libsonnet | 62 - .../tanka/grafana-agent/v2/main.libsonnet | 50 - tools/generate-crds.bash | 12 +- 85 files changed, 13 insertions(+), 19189 deletions(-) delete mode 100644 production/README.md delete mode 100644 production/grafana-agent-mixin/alerts.libsonnet delete mode 100644 production/grafana-agent-mixin/config.libsonnet delete mode 100644 production/grafana-agent-mixin/dashboards.libsonnet delete mode 100644 production/grafana-agent-mixin/debugging.libsonnet delete mode 100644 production/grafana-agent-mixin/jsonnetfile.json delete mode 100644 production/grafana-agent-mixin/mixin.libsonnet delete mode 100644 production/grafana-agent-mixin/utils.libsonnet delete mode 100644 production/kubernetes/README.md delete mode 100644 production/kubernetes/agent-bare.yaml delete mode 100644 production/kubernetes/agent-loki.yaml delete mode 100644 production/kubernetes/agent-traces.yaml delete mode 100755 production/kubernetes/build/build.sh delete mode 100644 production/kubernetes/build/jsonnetfile.json delete mode 100644 production/kubernetes/build/jsonnetfile.lock.json delete mode 100644 production/kubernetes/build/lib/k.libsonnet delete mode 100644 production/kubernetes/build/lib/version.libsonnet delete mode 100644 production/kubernetes/build/templates/bare/main.jsonnet delete mode 100644 production/kubernetes/build/templates/bare/spec.json delete mode 100644 production/kubernetes/build/templates/base-sigv4/main.jsonnet delete mode 100644 production/kubernetes/build/templates/base-sigv4/spec.json delete mode 100644 production/kubernetes/build/templates/base/main.jsonnet delete mode 100644 production/kubernetes/build/templates/base/spec.json delete mode 100644 production/kubernetes/build/templates/loki/main.jsonnet delete mode 100644 production/kubernetes/build/templates/loki/spec.json delete mode 100644 production/kubernetes/build/templates/operator/main.jsonnet delete mode 100644 production/kubernetes/build/templates/operator/spec.json delete mode 100644 production/kubernetes/build/templates/traces/main.jsonnet delete mode 100644 production/kubernetes/build/templates/traces/spec.json delete mode 100644 production/kubernetes/install-bare.sh delete mode 100644 production/operator/crds/monitoring.coreos.com_podmonitors.yaml delete mode 100644 production/operator/crds/monitoring.coreos.com_probes.yaml delete mode 100644 production/operator/crds/monitoring.coreos.com_servicemonitors.yaml delete mode 100644 production/operator/crds/monitoring.grafana.com_grafanaagents.yaml delete mode 100644 production/operator/crds/monitoring.grafana.com_integrations.yaml delete mode 100644 production/operator/crds/monitoring.grafana.com_logsinstances.yaml delete mode 100644 production/operator/crds/monitoring.grafana.com_metricsinstances.yaml delete mode 100644 production/operator/crds/monitoring.grafana.com_podlogs.yaml delete mode 100644 production/operator/templates/agent-operator.yaml delete mode 100644 production/tanka/grafana-agent-operator/jsonnetfile.json delete mode 100644 production/tanka/grafana-agent-operator/operator.libsonnet delete mode 100644 production/tanka/grafana-agent-operator/util/grafana-agent.libsonnet delete mode 100644 production/tanka/grafana-agent-operator/util/integrations.libsonnet delete mode 100644 production/tanka/grafana-agent-operator/util/k8slogs.libsonnet delete mode 100644 production/tanka/grafana-agent-operator/util/k8smonitors.libsonnet delete mode 100644 production/tanka/grafana-agent-operator/util/logsinstance.libsonnet delete mode 100644 production/tanka/grafana-agent-operator/util/metricsinstance.libsonnet delete mode 100644 production/tanka/grafana-agent/config.libsonnet delete mode 100644 production/tanka/grafana-agent/grafana-agent.libsonnet delete mode 100644 production/tanka/grafana-agent/jsonnetfile.json delete mode 100644 production/tanka/grafana-agent/scraping-svc/main.libsonnet delete mode 100644 production/tanka/grafana-agent/scraping-svc/syncer.libsonnet delete mode 100644 production/tanka/grafana-agent/smoke/avalanche/main.libsonnet delete mode 100644 production/tanka/grafana-agent/smoke/crow/main.libsonnet delete mode 100644 production/tanka/grafana-agent/smoke/etcd/main.libsonnet delete mode 100644 production/tanka/grafana-agent/smoke/main.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/README.md delete mode 100644 production/tanka/grafana-agent/v1/internal/agent.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/internal/kubernetes_instance.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/internal/kubernetes_logs.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/internal/utils.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/lib/deployment.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/lib/integrations.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/lib/logs.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/lib/metrics.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/lib/scraping_service.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/lib/traces.libsonnet delete mode 100644 production/tanka/grafana-agent/v1/main.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/README.md delete mode 100644 production/tanka/grafana-agent/v2/internal/base.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/internal/controllers/daemonset.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/internal/controllers/deployment.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/internal/controllers/statefulset.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/internal/helpers/k8s.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/internal/helpers/logs.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/internal/helpers/service.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/internal/syncer.libsonnet delete mode 100644 production/tanka/grafana-agent/v2/main.libsonnet diff --git a/.drone/drone.yml b/.drone/drone.yml index 43e4161ef322..b65be33159f8 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -119,24 +119,6 @@ trigger: type: docker --- kind: pipeline -name: Test manifests -platform: - arch: amd64 - os: linux -steps: -- commands: - - make generate-manifests - - ERR_MSG="The environment manifests are out of date. Please run 'make generate-manifests' - and commit changes!" - - if [ ! -z "$(git status --porcelain)" ]; then echo $ERR_MSG >&2; exit 1; fi - image: grafana/agent-build-image:0.30.4 - name: Regenerate environment manifests -trigger: - event: - - pull_request -type: docker ---- -kind: pipeline name: Test platform: arch: amd64 @@ -1427,6 +1409,6 @@ kind: secret name: updater_private_key --- kind: signature -hmac: 28ba52df6f22c10bf77a95386a49aff65a1c372127f7d89489ac2d3ee02ce618 +hmac: c6d9dd05507a2967a2ba394ee5e411e9dff9135335d31881d0d3ee262c7ea63a ... diff --git a/.drone/pipelines/test.jsonnet b/.drone/pipelines/test.jsonnet index 438447f99325..6daa113d2019 100644 --- a/.drone/pipelines/test.jsonnet +++ b/.drone/pipelines/test.jsonnet @@ -50,23 +50,6 @@ local pipelines = import '../util/pipelines.jsonnet'; }], }, - pipelines.linux('Test manifests') { - trigger: { - event: ['pull_request'], - }, - steps: [{ - name: 'Regenerate environment manifests', - image: build_image.linux, - - commands: [ - 'make generate-manifests', - 'ERR_MSG="The environment manifests are out of date. Please run \'make generate-manifests\' and commit changes!"', - // "git status --porcelain" reports if there's any new, modified, or deleted files. - 'if [ ! -z "$(git status --porcelain)" ]; then echo $ERR_MSG >&2; exit 1; fi', - ], - }], - }, - pipelines.linux('Test') { trigger: { event: ['pull_request'], diff --git a/Makefile b/Makefile index 5b7d4f424759..7b86fcae9080 100644 --- a/Makefile +++ b/Makefile @@ -56,7 +56,6 @@ ## generate-drone Generate the Drone YAML from Jsonnet. ## generate-helm-docs Generate Helm chart documentation. ## generate-helm-tests Generate Helm chart tests. -## generate-manifests Generate production/kubernetes YAML manifests. ## generate-dashboards Generate dashboards in example/docker-compose after ## changing Jsonnet. ## generate-protos Generate protobuf files. @@ -286,8 +285,8 @@ smoke-image: # Targets for generating assets # -.PHONY: generate generate-crds generate-drone generate-helm-docs generate-helm-tests generate-manifests generate-dashboards generate-protos generate-ui generate-versioned-files -generate: generate-crds generate-drone generate-helm-docs generate-helm-tests generate-manifests generate-dashboards generate-protos generate-ui generate-versioned-files generate-docs +.PHONY: generate generate-crds generate-drone generate-helm-docs generate-helm-tests generate-dashboards generate-protos generate-ui generate-versioned-files +generate: generate-crds generate-drone generate-helm-docs generate-helm-tests generate-dashboards generate-protos generate-ui generate-versioned-files generate-docs generate-crds: ifeq ($(USE_CONTAINER),1) @@ -314,13 +313,6 @@ else bash ./operations/helm/scripts/rebuild-tests.sh endif -generate-manifests: -ifeq ($(USE_CONTAINER),1) - $(RERUN_IN_CONTAINER) -else - cd production/kubernetes/build && bash build.sh -endif - generate-dashboards: ifeq ($(USE_CONTAINER),1) $(RERUN_IN_CONTAINER) diff --git a/example/docker-compose/grafana/dashboards/template.jsonnet b/example/docker-compose/grafana/dashboards/template.jsonnet index edc460218987..157860f0a389 100644 --- a/example/docker-compose/grafana/dashboards/template.jsonnet +++ b/example/docker-compose/grafana/dashboards/template.jsonnet @@ -1,5 +1,5 @@ -local agentDashboards = import 'grafana-agent-mixin/dashboards.libsonnet'; -local agentDebugging = import 'grafana-agent-mixin/debugging.libsonnet'; +local agentDashboards = import 'agent-static-mixin/dashboards.libsonnet'; +local agentDebugging = import 'agent-static-mixin/debugging.libsonnet'; local result = agentDashboards + agentDebugging { files: { diff --git a/example/docker-compose/jsonnetfile.json b/example/docker-compose/jsonnetfile.json index 1f2735e529cf..bee24c1dcf32 100644 --- a/example/docker-compose/jsonnetfile.json +++ b/example/docker-compose/jsonnetfile.json @@ -4,7 +4,7 @@ { "source": { "local": { - "directory": "../../production/grafana-agent-mixin" + "directory": "../../operations/agent-static-mixin" } }, "version": "" diff --git a/example/docker-compose/jsonnetfile.lock.json b/example/docker-compose/jsonnetfile.lock.json index 1803372b5348..463fc7a6776b 100644 --- a/example/docker-compose/jsonnetfile.lock.json +++ b/example/docker-compose/jsonnetfile.lock.json @@ -24,7 +24,7 @@ { "source": { "local": { - "directory": "../../production/grafana-agent-mixin" + "directory": "../../operations/agent-static-mixin" } }, "version": "" diff --git a/production/README.md b/production/README.md deleted file mode 100644 index 93a7f2594349..000000000000 --- a/production/README.md +++ /dev/null @@ -1 +0,0 @@ -**NOTE**: This folder has been deprecated in favor of [operations/](../operations/) and will be removed. diff --git a/production/grafana-agent-mixin/alerts.libsonnet b/production/grafana-agent-mixin/alerts.libsonnet deleted file mode 100644 index 51fe81e0e539..000000000000 --- a/production/grafana-agent-mixin/alerts.libsonnet +++ /dev/null @@ -1,414 +0,0 @@ -local config = import 'config.libsonnet'; -local _config = config._config; - -{ - prometheusAlerts+:: { - groups+: [ - { - name: 'grafana-agent-tracing', - rules: [ - { - alert: 'AgentTracingReceiverErrors', - // TODO(@mapno): add recording rule for total spans - expr: ||| - 100 * sum(rate(traces_receiver_refused_spans{receiver!="otlp/lb"}[1m])) by (%(group_by_cluster)s, receiver) - / - (sum(rate(traces_receiver_refused_spans{receiver!="otlp/lb"}[1m])) by (%(group_by_cluster)s, receiver) + sum(rate(traces_receiver_accepted_spans{receiver!="otlp/lb"}[1m])) by (%(group_by_cluster)s, receiver)) - > 10 - ||| % _config, - 'for': '15m', - labels: { - severity: 'warning', - }, - annotations: { - message: ||| - Receiver {{ $labels.receiver }} is experiencing {{ printf "%.2f" $value }}% errors. - |||, - }, - }, - { - alert: 'AgentTracingExporterErrors', - // TODO(@mapno): add recording rule for total spans - expr: ||| - 100 * sum(rate(traces_exporter_send_failed_spans{exporter!="otlp"}[1m])) by (%(group_by_cluster)s, exporter) - / - (sum(rate(traces_exporter_send_failed_spans{exporter!="otlp"}[1m])) by (%(group_by_cluster)s, exporter) + sum(rate(traces_exporter_sent_spans{exporter!="otlp"}[1m])) by (%(group_by_cluster)s, exporter)) - > 10 - ||| % _config, - 'for': '15m', - labels: { - severity: 'warning', - }, - annotations: { - message: ||| - Exporter {{ $labels.exporter }} is experiencing {{ printf "%.2f" $value }}% errors. - |||, - }, - }, - { - alert: 'AgentTracingLoadBalancingErrors', - expr: ||| - 100 * sum(rate(traces_loadbalancer_backend_outcome{success="false"}[1m])) by (%(group_by_cluster)s) - / - sum(rate(traces_loadbalancer_backend_outcome{success="true"}[1m])) by (%(group_by_cluster)s) - > 10 - ||| % _config, - 'for': '15m', - labels: { - severity: 'warning', - }, - annotations: { - message: ||| - Load balancing is experiencing {{ printf "%.2f" $value }}% errors. - |||, - }, - }, - ], - }, - { - name: 'GrafanaAgentSmokeChecks', - rules: [ - { - alert: 'GrafanaAgentDown', - expr: ||| - up{ - namespace="agent-smoke-test", - pod=~"grafana-agent-smoke-test-(0|cluster-0|cluster-1|cluster-2)", - } == 0 - |||, - 'for': '5m', - annotations: { - summary: '{{ $labels.job }} is down', - }, - }, - { - alert: 'GrafanaAgentFlapping', - expr: ||| - avg_over_time(up{ - namespace="agent-smoke-test", - pod=~"grafana-agent-smoke-test-(0|cluster-0|cluster-1|cluster-2)", - }[5m]) < 1 - |||, - 'for': '15m', - annotations: { - summary: '{{ $labels.job }} is flapping', - }, - }, - - // Checks that the CPU usage doesn't go too high. This was generated from internal usage where - // every 1,000 active series used roughly 0.0013441% of CPU. This alert only fires if there is a - // minimum load threshold of at least 1000 active series. - { - alert: 'GrafanaAgentCPUHigh', - expr: ||| - (sum by (pod) (rate(container_cpu_usage_seconds_total{cluster=~".+", namespace=~"agent-smoke-test", container=~".+", pod="grafana-agent-smoke-test-cluster-2"}[5m])) - / - (sum by (pod) (agent_wal_storage_active_series{cluster=~".+", namespace=~"agent-smoke-test", container=~".+", pod="grafana-agent-smoke-test-cluster-2"}) / 1000) - > 0.0013441) - and - sum by (pod) (agent_wal_storage_active_series{cluster=~".+", namespace=~"agent-smoke-test", container=~".+", pod="grafana-agent-smoke-test-cluster-2"}) > 1000 - |||, - 'for': '1h', - annotations: { - summary: '{{ $labels.pod }} is using more than 0.0013441 CPU per 1000 series over the last 5 minutes', - }, - }, - - // We assume roughly ~8KB per series. Check that each deployment - // doesn't go too far above this. - // - // We aggregate the memory of the scraping service together since an individual - // node with a really small number of active series will throw this metric off. - { - alert: 'GrafanaAgentMemHigh', - expr: ||| - sum without (pod, instance) (go_memstats_heap_inuse_bytes{job=~"agent-smoke-test/grafana-agent-smoke-test.*"}) / - sum without (pod, instance, instance_group_name) (agent_wal_storage_active_series{job=~"agent-smoke-test/grafana-agent-smoke-test.*"}) / 1e3 > 10 - |||, - 'for': '1h', - annotations: { - summary: '{{ $labels.job }} has used more than 10KB per series for more than 5 minutes', - }, - }, - { - alert: 'GrafanaAgentContainerRestarts', - expr: ||| - sum by (pod) (rate(kube_pod_container_status_restarts_total{namespace="agent-smoke-test"}[10m])) > 0 - |||, - annotations: { - summary: '{{ $labels.pod }} has a high rate of container restarts', - }, - }, - ], - }, - { - name: 'GrafanaAgentCrowChecks', - rules: [ - { - alert: 'CrowDown', - expr: ||| - up{job=~"agent-smoke-test/crow-.*"} == 0 - |||, - 'for': '5m', - annotations: { - summary: 'Crow {{ $labels.job }} is down.', - }, - }, - { - alert: 'CrowFlapping', - expr: ||| - avg_over_time(up{job=~"agent-smoke-test/crow-.*"}[5m]) < 1 - |||, - 'for': '15m', - annotations: { - summary: 'Crow {{ $labels.job }} is flapping.', - }, - }, - { - alert: 'CrowNotScraped', - expr: ||| - rate(crow_test_samples_total[5m]) == 0 - |||, - 'for': '15m', - annotations: { - summary: 'Crow {{ $labels.job }} is not being scraped.', - }, - }, - { - alert: 'CrowFailures', - expr: ||| - ( - rate(crow_test_sample_results_total{result="success"}[5m]) - / - ignoring(result) sum without (result) (rate(crow_test_sample_results_total[5m])) - ) - < 1 - |||, - 'for': '15m', - annotations: { - summary: 'Crow {{ $labels.job }} has had failures for at least 5m', - }, - }, - ], - }, - { - name: 'VultureChecks', - rules: [ - { - alert: 'VultureDown', - expr: ||| - up{job=~"agent-smoke-test/vulture"} == 0 - |||, - 'for': '5m', - annotations: { - summary: 'Vulture {{ $labels.job }} is down.', - }, - }, - { - alert: 'VultureFlapping', - expr: ||| - avg_over_time(up{job=~"agent-smoke-test/vulture"}[5m]) < 1 - |||, - 'for': '15m', - annotations: { - summary: 'Vulture {{ $labels.job }} is flapping.', - }, - }, - { - alert: 'VultureNotScraped', - expr: ||| - rate(tempo_vulture_trace_total[1m]) == 0 - |||, - 'for': '5m', - annotations: { - summary: 'Vulture {{ $labels.job }} is not being scraped.', - }, - }, - { - alert: 'VultureFailures', - expr: ||| - (rate(tempo_vulture_error_total[5m]) / rate(tempo_vulture_trace_total[5m])) > 0.3 - |||, - 'for': '5m', - annotations: { - summary: 'Vulture {{ $labels.job }} has had failures for at least 5m', - }, - }, - ], - }, - { - name: 'GrafanaAgentConfig', - rules: [ - { - alert: 'AgentRemoteConfigBadAPIRequests', - expr: ||| - 100 * sum(rate(agent_remote_config_fetches_total{status_code=~"(4|5).."}[10m])) by (%(group_by_cluster)s) - / - sum(rate(agent_remote_config_fetches_total[10m])) by (%(group_by_cluster)s) - > 5 - ||| % _config, - 'for': '10m', - labels: { - severity: 'warning', - }, - annotations: { - message: ||| - Receiving HTTP {{ $labels.status_code }} errors from API in {{ printf "%.2f" $value }}% of cases. - |||, - }, - }, - { - alert: 'AgentRemoteConfigBadAPIRequests', - expr: ||| - 100 * sum(rate(agent_remote_config_fetches_total{status_code=~"(4|5).."}[10m])) by (%(group_by_cluster)s) - / - sum(rate(agent_remote_config_fetches_total[10m])) by (%(group_by_cluster)s) - > 10 - ||| % _config, - 'for': '10m', - labels: { - severity: 'critical', - }, - annotations: { - message: ||| - Receiving HTTP {{ $labels.status_code }} errors from API in {{ printf "%.2f" $value }}% of cases. - |||, - }, - }, - { - alert: 'AgentRemoteConfigFetchErrors', - expr: ||| - 100 * sum(rate(agent_remote_config_fetch_errors_total[10m])) by (%(group_by_cluster)s) - / - sum(rate(agent_remote_config_fetches_total[10m])) by (%(group_by_cluster)s) - > 5 - ||| % _config, - 'for': '10m', - labels: { - severity: 'warning', - }, - annotations: { - message: ||| - Failing to reach Agent Management API. - |||, - }, - }, - { - alert: 'AgentRemoteConfigFetchErrors', - expr: ||| - 100 * sum(rate(agent_remote_config_fetch_errors_total[10m])) by (%(group_by_cluster)s) - / - sum(rate(agent_remote_config_fetches_total[10m])) by (%(group_by_cluster)s) - > 10 - ||| % _config, - 'for': '10m', - labels: { - severity: 'critical', - }, - annotations: { - message: ||| - Failing to reach Agent Management API. - |||, - }, - }, - { - alert: 'AgentRemoteConfigInvalidAPIResponse', - expr: ||| - 100 * sum(rate(agent_remote_config_invalid_total{reason=~".+"}[10m])) by (%(group_by_cluster)s) - / - sum(rate(agent_remote_config_fetches_total[10m])) by (%(group_by_cluster)s) - > 5 - ||| % _config, - 'for': '10m', - labels: { - severity: 'warning', - }, - annotations: { - message: ||| - API is responding with {{ $labels.reason }} in {{ printf "%.2f" $value }}% of cases. - |||, - }, - }, - { - alert: 'AgentRemoteConfigInvalidAPIResponse', - expr: ||| - 100 * sum(rate(agent_remote_config_invalid_total{reason=~".+"}[10m])) by (%(group_by_cluster)s) - / - sum(rate(agent_remote_config_fetches_total[10m])) by (%(group_by_cluster)s) - > 10 - ||| % _config, - 'for': '10m', - labels: { - severity: 'critical', - }, - annotations: { - message: ||| - API is responding with {{ $labels.reason }} in {{ printf "%.2f" $value }}% of cases. - |||, - }, - }, - { - alert: 'AgentFailureToReloadConfig', - expr: ||| - avg_over_time(agent_config_last_load_successful[10m]) < 0.9 - ||| % _config, - 'for': '10m', - labels: { - severity: 'warning', - }, - annotations: { - message: ||| - Instance {{ $labels.instance }} failed to successfully reload the config. - |||, - }, - }, - { - alert: 'AgentFailureToReloadConfig', - expr: ||| - avg_over_time(agent_config_last_load_successful[10m]) < 0.9 - ||| % _config, - 'for': '30m', - labels: { - severity: 'critical', - }, - annotations: { - message: ||| - Instance {{ $labels.instance }} failed to successfully reload the config. - |||, - }, - }, - { - alert: 'AgentManagementFallbackToEmptyConfig', - expr: ||| - sum(rate(agent_management_config_fallbacks_total{fallback_to="empty_config"}[10m])) by (%(group_by_cluster)s) > 0 - ||| % _config, - 'for': '10m', - labels: { - severity: 'warning', - }, - annotations: { - message: ||| - Instance {{ $labels.instance }} fell back to empty configuration. - |||, - }, - }, - { - alert: 'AgentManagementFallbackToEmptyConfig', - expr: ||| - sum(rate(agent_management_config_fallbacks_total{fallback_to="empty_config"}[10m])) by (%(group_by_cluster)s) > 0 - ||| % _config, - 'for': '30m', - labels: { - severity: 'critical', - }, - annotations: { - message: ||| - Instance {{ $labels.instance }} fell back to empty configuration. - |||, - }, - }, - ], - }, - ], - }, -} diff --git a/production/grafana-agent-mixin/config.libsonnet b/production/grafana-agent-mixin/config.libsonnet deleted file mode 100644 index 8a7df26c0d3a..000000000000 --- a/production/grafana-agent-mixin/config.libsonnet +++ /dev/null @@ -1,13 +0,0 @@ -{ - local makeGroupBy(groups) = std.join(', ', groups), - - _config+:: { - namespace: '.*', - - // Groups labels to uniquely identify and group by clusters - cluster_selectors: ['cluster', 'namespace'], - - // Each group-by label list is `, `-separated and unique identifies - group_by_cluster: makeGroupBy($._config.cluster_selectors), - }, -} diff --git a/production/grafana-agent-mixin/dashboards.libsonnet b/production/grafana-agent-mixin/dashboards.libsonnet deleted file mode 100644 index 834ec5181312..000000000000 --- a/production/grafana-agent-mixin/dashboards.libsonnet +++ /dev/null @@ -1,789 +0,0 @@ -local utils = import './utils.libsonnet'; -local g = import 'grafana-builder/grafana.libsonnet'; -local grafana = import 'grafonnet/grafana.libsonnet'; - -local dashboard = grafana.dashboard; -local row = grafana.row; -local singlestat = grafana.singlestat; -local prometheus = grafana.prometheus; -local graphPanel = grafana.graphPanel; -local tablePanel = grafana.tablePanel; -local template = grafana.template; - -{ - grafanaDashboards+:: { - 'agent.json': - utils.injectUtils(g.dashboard('Agent')) - .addMultiTemplate('cluster', 'agent_build_info', 'cluster') - .addMultiTemplate('namespace', 'agent_build_info', 'namespace') - .addMultiTemplate('container', 'agent_build_info', 'container') - .addMultiTemplateWithAll('pod', 'agent_build_info{container=~"$container"}', 'pod', all='grafana-agent-.*') - .addRow( - g.row('Agent Stats') - .addPanel( - g.panel('Agent Stats') + - g.tablePanel([ - 'count by (pod, container, version) (agent_build_info{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"})', - 'max by (pod, container) (time() - process_start_time_seconds{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"})', - ], { - pod: { alias: 'Pod' }, - container: { alias: 'Container' }, - version: { alias: 'Version' }, - 'Value #A': { alias: 'Count', type: 'hidden' }, - 'Value #B': { alias: 'Uptime' }, - }) - ) - ) - .addRow( - g.row('Prometheus Discovery') - .addPanel( - g.panel('Target Sync') + - g.queryPanel('sum(rate(prometheus_target_sync_length_seconds_sum{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m])) by (pod, scrape_job) * 1e3', '{{pod}}/{{scrape_job}}') + - { yaxes: g.yaxes('ms') } - ) - .addPanel( - g.panel('Targets') + - g.queryPanel('sum by (pod) (prometheus_sd_discovered_targets{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"})', '{{pod}}') + - g.stack - ) - ) - .addRow( - g.row('Prometheus Retrieval') - .addPanel( - g.panel('Average Scrape Interval Duration') + - g.queryPanel(||| - rate(prometheus_target_interval_length_seconds_sum{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m]) - / - rate(prometheus_target_interval_length_seconds_count{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m]) - * 1e3 - |||, '{{pod}} {{interval}} configured') + - { yaxes: g.yaxes('ms') } - ) - .addPanel( - g.panel('Scrape failures') + - g.queryPanel([ - 'sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[1m]))', - 'sum by (job) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[1m]))', - 'sum by (job) (rate(prometheus_target_scrapes_sample_out_of_bounds_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[1m]))', - 'sum by (job) (rate(prometheus_target_scrapes_sample_out_of_order_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[1m]))', - ], [ - 'exceeded sample limit: {{job}}', - 'duplicate timestamp: {{job}}', - 'out of bounds: {{job}}', - 'out of order: {{job}}', - ]) + - g.stack - ) - .addPanel( - g.panel('Appended Samples') + - g.queryPanel('sum by (job, instance_group_name) (rate(agent_wal_samples_appended_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m]))', '{{job}} {{instance_group_name}}') + - g.stack - ) - ), - - // Remote write specific dashboard. - 'agent-remote-write.json': - local timestampComparison = - graphPanel.new( - 'Highest Timestamp In vs. Highest Timestamp Sent', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - ||| - ( - prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"} - - - ignoring(url, remote_name) group_right(pod) - prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"} - ) - |||, - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local remoteSendLatency = - graphPanel.new( - 'Latency [1m]', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_sent_batch_duration_seconds_sum{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[1m]) / rate(prometheus_remote_storage_sent_batch_duration_seconds_count{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[1m])', - legendFormat='mean {{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )) - .addTarget(prometheus.target( - 'histogram_quantile(0.99, rate(prometheus_remote_storage_sent_batch_duration_seconds_bucket{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[1m]))', - legendFormat='p99 {{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local samplesInRate = - graphPanel.new( - 'Rate in [5m]', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'rate(agent_wal_samples_appended_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m])', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local samplesOutRate = - graphPanel.new( - 'Rate succeeded [5m]', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_succeeded_samples_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m])', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local currentShards = - graphPanel.new( - 'Current Shards', - datasource='$datasource', - span=12, - min_span=6, - ) - .addTarget(prometheus.target( - 'prometheus_remote_storage_shards{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local maxShards = - graphPanel.new( - 'Max Shards', - datasource='$datasource', - span=4, - ) - .addTarget(prometheus.target( - 'prometheus_remote_storage_shards_max{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local minShards = - graphPanel.new( - 'Min Shards', - datasource='$datasource', - span=4, - ) - .addTarget(prometheus.target( - 'prometheus_remote_storage_shards_min{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local desiredShards = - graphPanel.new( - 'Desired Shards', - datasource='$datasource', - span=4, - ) - .addTarget(prometheus.target( - 'prometheus_remote_storage_shards_desired{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local shardsCapacity = - graphPanel.new( - 'Shard Capacity', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'prometheus_remote_storage_shard_capacity{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local pendingSamples = - graphPanel.new( - 'Pending Samples', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'prometheus_remote_storage_samples_pending{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local queueSegment = - graphPanel.new( - 'Remote Write Current Segment', - datasource='$datasource', - span=6, - formatY1='none', - ) - .addTarget(prometheus.target( - 'prometheus_wal_watcher_current_segment{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local droppedSamples = - graphPanel.new( - 'Dropped Samples', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_samples_dropped_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m])', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local failedSamples = - graphPanel.new( - 'Failed Samples', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_samples_failed_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m])', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local retriedSamples = - graphPanel.new( - 'Retried Samples', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_samples_retried_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m])', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - local enqueueRetries = - graphPanel.new( - 'Enqueue Retries', - datasource='$datasource', - span=6, - ) - .addTarget(prometheus.target( - 'rate(prometheus_remote_storage_enqueue_retries_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container"}[5m])', - legendFormat='{{cluster}}:{{pod}}-{{instance_group_name}}-{{url}}', - )); - - dashboard.new('Agent Prometheus Remote Write', tags=['grafana-agent-mixin'], editable=true, refresh='30s', time_from='now-1h') - .addTemplate( - { - hide: 0, - label: null, - name: 'datasource', - options: [], - query: 'prometheus', - refresh: 1, - regex: '', - type: 'datasource', - }, - ) - .addTemplate( - template.new( - 'cluster', - '$datasource', - 'label_values(agent_build_info, cluster)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'namespace', - '$datasource', - 'label_values(agent_build_info, namespace)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'container', - '$datasource', - 'label_values(agent_build_info, container)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'pod', - '$datasource', - 'label_values(agent_build_info{container=~"$container"}, pod)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'url', - '$datasource', - 'label_values(prometheus_remote_storage_shards{cluster=~"$cluster", pod=~"$pod"}, url)', - refresh='time', - includeAll=true, - ) - ) - .addRow( - row.new('Timestamps') - .addPanel(timestampComparison) - .addPanel(remoteSendLatency) - ) - .addRow( - row.new('Samples') - .addPanel(samplesInRate) - .addPanel(samplesOutRate) - .addPanel(pendingSamples) - .addPanel(droppedSamples) - .addPanel(failedSamples) - .addPanel(retriedSamples) - ) - .addRow( - row.new('Shards') - .addPanel(currentShards) - .addPanel(maxShards) - .addPanel(minShards) - .addPanel(desiredShards) - ) - .addRow( - row.new('Shard Details') - .addPanel(shardsCapacity) - ) - .addRow( - row.new('Segments') - .addPanel(queueSegment) - ) - .addRow( - row.new('Misc. Rates') - .addPanel(enqueueRetries) - ), - - 'agent-tracing-pipeline.json': - local acceptedSpans = - graphPanel.new( - 'Accepted spans', - datasource='$datasource', - interval='1m', - span=3, - legend_show=false, - fill=0, - ) - .addTarget(prometheus.target( - ||| - rate(traces_receiver_accepted_spans{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod",receiver!="otlp/lb"}[$__rate_interval]) - |||, - legendFormat='{{ pod }} - {{ receiver }}/{{ transport }}', - )); - - local refusedSpans = - graphPanel.new( - 'Refused spans', - datasource='$datasource', - interval='1m', - span=3, - legend_show=false, - fill=0, - ) - .addTarget(prometheus.target( - ||| - rate(traces_receiver_refused_spans{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod",receiver!="otlp/lb"}[$__rate_interval]) - |||, - legendFormat='{{ pod }} - {{ receiver }}/{{ transport }}', - )); - - local sentSpans = - graphPanel.new( - 'Exported spans', - datasource='$datasource', - interval='1m', - span=3, - legend_show=false, - fill=0, - ) - .addTarget(prometheus.target( - ||| - rate(traces_exporter_sent_spans{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod",exporter!="otlp"}[$__rate_interval]) - |||, - legendFormat='{{ pod }} - {{ exporter }}', - )); - - local exportedFailedSpans = - graphPanel.new( - 'Exported failed spans', - datasource='$datasource', - interval='1m', - span=3, - legend_show=false, - fill=0, - ) - .addTarget(prometheus.target( - ||| - rate(traces_exporter_send_failed_spans{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod",exporter!="otlp"}[$__rate_interval]) - |||, - legendFormat='{{ pod }} - {{ exporter }}', - )); - - local receivedSpans(receiverFilter, width) = - graphPanel.new( - 'Received spans', - datasource='$datasource', - interval='1m', - span=width, - fill=1, - ) - .addTarget(prometheus.target( - ||| - sum(rate(traces_receiver_accepted_spans{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod",%s}[$__rate_interval])) - ||| % receiverFilter, - legendFormat='Accepted', - )) - .addTarget(prometheus.target( - ||| - sum(rate(traces_receiver_refused_spans{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod",%s}[$__rate_interval])) - ||| % receiverFilter, - legendFormat='Refused', - )); - - local exportedSpans(exporterFilter, width) = - graphPanel.new( - 'Exported spans', - datasource='$datasource', - interval='1m', - span=width, - fill=1, - ) - .addTarget(prometheus.target( - ||| - sum(rate(traces_exporter_sent_spans{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod",%s}[$__rate_interval])) - ||| % exporterFilter, - legendFormat='Sent', - )) - .addTarget(prometheus.target( - ||| - sum(rate(traces_exporter_send_failed_spans{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod",%s}[$__rate_interval])) - ||| % exporterFilter, - legendFormat='Send failed', - )); - - local loadBalancedSpans = - graphPanel.new( - 'Load-balanced spans', - datasource='$datasource', - interval='1m', - span=3, - fill=1, - stack=true, - ) - .addTarget(prometheus.target( - ||| - rate(traces_loadbalancer_backend_outcome{cluster=~"$cluster",namespace=~"$namespace",success="true",container=~"$container",pod=~"$pod"}[$__rate_interval]) - |||, - legendFormat='{{ pod }}', - )); - - local peersNum = - graphPanel.new( - 'Number of peers', - datasource='$datasource', - interval='1m', - span=3, - legend_show=false, - fill=0, - ) - .addTarget(prometheus.target( - ||| - traces_loadbalancer_num_backends{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod"} - |||, - legendFormat='{{ pod }}', - )); - - dashboard.new('Agent Tracing Pipeline', tags=['grafana-agent-mixin'], editable=true, refresh='30s', time_from='now-1h') - .addTemplate( - { - hide: 0, - label: null, - name: 'datasource', - options: [], - query: 'prometheus', - refresh: 1, - regex: '', - type: 'datasource', - }, - ) - .addTemplate( - template.new( - 'cluster', - '$datasource', - 'label_values(agent_build_info, cluster)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'namespace', - '$datasource', - 'label_values(agent_build_info, namespace)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'container', - '$datasource', - 'label_values(agent_build_info, container)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'pod', - '$datasource', - 'label_values(agent_build_info{container=~"$container"}, pod)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addRow( - row.new('Write / Read') - .addPanel(acceptedSpans) - .addPanel(refusedSpans) - .addPanel(sentSpans) - .addPanel(exportedFailedSpans) - .addPanel(receivedSpans('receiver!="otlp/lb"', 6)) - .addPanel(exportedSpans('exporter!="otlp"', 6)) - ) - .addRow( - row.new('Load balancing') - .addPanel(loadBalancedSpans) - .addPanel(peersNum) - .addPanel(receivedSpans('receiver="otlp/lb"', 3)) - .addPanel(exportedSpans('exporter="otlp"', 3)) - ), - - 'agent-logs-pipeline.json': - local sumByPodRateCounter(title, metric, format='short') = - graphPanel.new( - title, - datasource='$datasource', - interval='1m', - span=6, - fill=1, - stack=true, - format=format - ) - .addTarget(prometheus.target( - ||| - sum by($groupBy) (rate(%s{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod"}[$__rate_interval])) - ||| % [metric], - legendFormat='{{$groupBy}}', - )); - - local sumByPodGague(title, metric) = - graphPanel.new( - title, - datasource='$datasource', - interval='1m', - span=6, - fill=1, - stack=true, - ) - .addTarget(prometheus.target( - ||| - sum by($groupBy) (%s{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod"}) - ||| % [metric], - legendFormat='{{$groupBy}}', - )); - - local requestSuccessRate() = - graphPanel.new( - 'Write requests success rate [%]', - datasource='$datasource', - interval='1m', - fill=0, - span=6, - format='%', - ) - .addTarget(prometheus.target( - ||| - sum by($groupBy) (rate(promtail_request_duration_seconds_bucket{status_code=~"2..", cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod"}[$__rate_interval])) - / - sum by($groupBy) (rate(promtail_request_duration_seconds_bucket{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod"}[$__rate_interval])) - * 100 - |||, - legendFormat='{{$groupBy}}', - )); - - local histogramQuantile(title, metric, q) = - graphPanel.new( - title, - datasource='$datasource', - interval='1m', - span=6, - fill=0, - format='s', - ) - .addTarget(prometheus.target( - ||| - histogram_quantile( - %f, - sum by (le, $groupBy) - (rate(%s{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod"}[$__rate_interval])) - ) - ||| % [q, metric], - legendFormat='{{$groupBy}}', - )); - - local histogramAverage(title, metric) = - graphPanel.new( - title, - datasource='$datasource', - interval='1m', - span=6, - fill=0, - format='s', - ) - .addTarget(prometheus.target( - ||| - (sum by (le, $groupBy) (rate(%s_sum{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod"}[$__rate_interval]))) - / - (sum by (le, $groupBy) (rate(%s_count{cluster=~"$cluster",namespace=~"$namespace",container=~"$container",pod=~"$pod"}[$__rate_interval]))) - ||| % [metric, metric], - legendFormat='{{$groupBy}}', - )); - - - dashboard.new('Agent Logs Pipeline', tags=['grafana-agent-mixin'], editable=true, refresh='30s', time_from='now-1h') - .addTemplate( - { - hide: 0, - label: null, - name: 'datasource', - options: [], - query: 'prometheus', - refresh: 1, - regex: '', - type: 'datasource', - }, - ) - .addTemplate( - template.new( - 'cluster', - '$datasource', - 'label_values(agent_build_info, cluster)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'namespace', - '$datasource', - 'label_values(agent_build_info, namespace)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'container', - '$datasource', - 'label_values(agent_build_info, container)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.new( - 'pod', - '$datasource', - 'label_values(agent_build_info{container=~"$container"}, pod)', - refresh='time', - current={ - selected: true, - text: 'All', - value: '$__all', - }, - includeAll=true, - ), - ) - .addTemplate( - template.custom( - 'groupBy', - 'pod,cluster,namespace', - 'pod', - ), - ) - .addRow( - row.new('Errors', height=500) - .addPanel(sumByPodRateCounter('Dropped bytes rate [B/s]', 'promtail_dropped_bytes_total', format='Bps')) - .addPanel(requestSuccessRate()) - ) - .addRow( - row.new('Latencies', height=500) - .addPanel(histogramQuantile('Write latencies p99 [s]', 'promtail_request_duration_seconds_bucket', 0.99)) - .addPanel(histogramQuantile('Write latencies p90 [s]', 'promtail_request_duration_seconds_bucket', 0.90)) - .addPanel(histogramQuantile('Write latencies p50 [s]', 'promtail_request_duration_seconds_bucket', 0.50)) - .addPanel(histogramAverage('Write latencies average [s]', 'promtail_request_duration_seconds')) - ) - .addRow( - row.new('Logs volume', height=500) - .addPanel(sumByPodRateCounter('Bytes read rate [B/s]', 'promtail_read_bytes_total', format='Bps')) - .addPanel(sumByPodRateCounter('Lines read rate [lines/s]', 'promtail_read_lines_total')) - .addPanel(sumByPodGague('Active files count', 'promtail_files_active_total')) - .addPanel(sumByPodRateCounter('Entries sent rate [entries/s]', 'promtail_sent_entries_total')) - ), - }, -} diff --git a/production/grafana-agent-mixin/debugging.libsonnet b/production/grafana-agent-mixin/debugging.libsonnet deleted file mode 100644 index 711184d333f7..000000000000 --- a/production/grafana-agent-mixin/debugging.libsonnet +++ /dev/null @@ -1,128 +0,0 @@ -local utils = import './utils.libsonnet'; -local g = import 'grafana-builder/grafana.libsonnet'; - -{ - grafanaDashboards+:: { - 'agent-operational.json': - utils.injectUtils(g.dashboard('Agent Operational')) - .addMultiTemplate('cluster', 'agent_build_info', 'cluster') - .addMultiTemplate('namespace', 'agent_build_info{cluster=~"$cluster"}', 'namespace') - .addMultiTemplate('container', 'agent_build_info{cluster=~"$cluster", namespace="$namespace"}', 'container') - .addMultiTemplate('pod', 'agent_build_info{cluster=~"$cluster", namespace="$namespace", container="$container"}', 'pod') - .addRow( - g.row('General') - .addPanel( - g.panel('GCs [count/s]') + - g.queryPanel( - 'rate(go_gc_duration_seconds_count{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"}[5m])', - '{{pod}}', - ) - ) - .addPanel( - g.panel('Go Heap In Use') + - { yaxes: g.yaxes('decbytes') } + - g.queryPanel( - 'go_memstats_heap_inuse_bytes{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"}', - '{{pod}}', - ) - ) - .addPanel( - g.panel('Goroutines') + - g.queryPanel( - 'go_goroutines{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"}', - '{{pod}}', - ) - ) - .addPanel( - g.panel('CPU Usage [time/s]') + - g.queryPanel( - 'rate(container_cpu_usage_seconds_total{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"}[5m])', - '{{pod}}', - ) - ) - .addPanel( - g.panel('Working Set Size') + - { yaxes: g.yaxes('decbytes') } + - g.queryPanel( - 'container_memory_working_set_bytes{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"}', - '{{pod}}', - ) - ) - .addPanel( - g.panel('Promtail Bad Words') + - g.queryPanel( - 'rate(promtail_custom_bad_words_total{cluster=~"$cluster", exported_namespace=~"$namespace", exported_job=~"$job"}[5m])', - '{{job}}', - ) - ) - ) - .addRow( - g.row('Network') - .addPanel( - g.panel('Received Bytes [B/s]') + - { yaxes: g.yaxes('Bps') } + - g.queryPanel( - 'sum by (pod) (rate(container_network_receive_bytes_total{cluster=~"$cluster", namespace=~"$namespace", pod=~"$pod"}[5m]))', - '{{pod}}', - ) - ) - .addPanel( - g.panel('Transmitted Bytes [B/s]') + - { yaxes: g.yaxes('Bps') } + - g.queryPanel( - 'sum by (pod) (rate(container_network_transmit_bytes_total{cluster=~"$cluster", namespace=~"$namespace", pod=~"$pod"}[5m]))', - '{{pod}}', - ) - ) - ) - .addRow( - g.row('Prometheus Read') - .addPanel( - g.panel('Heap Used per Series per Pod') + - { yaxes: g.yaxes('decbytes') } + - g.queryPanel( - ||| - (sum by (pod) (avg_over_time(go_memstats_heap_inuse_bytes{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"}[1m]))) - / - (sum by (pod) (agent_wal_storage_active_series{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"})) - |||, - '{{pod}}', - ) - ) - .addPanel( - g.panel('Avg Heap Used per Series') + - { yaxes: g.yaxes('decbytes') } + - g.queryPanel( - ||| - (sum by (container) (avg_over_time(go_memstats_heap_inuse_bytes{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"}[1m]))) - / - (sum by (container) (agent_wal_storage_active_series{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"})) - |||, - '{{container}}', - ) - ) - .addPanel( - g.panel('Series Count per Pod') + - g.queryPanel( - 'sum by (pod) (agent_wal_storage_active_series{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"})', - '{{pod}}', - ) - ) - .addPanel( - g.panel('Series per Config') + - g.queryPanel( - 'sum by (instance_group_name) (agent_wal_storage_active_series{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"})', - '{{instance_group_name}}', - ) - ) - .addPanel( - g.panel('Total Series') + - g.queryPanel( - 'sum by (container) (agent_wal_storage_active_series{cluster=~"$cluster", namespace=~"$namespace", container=~"$container", pod=~"$pod"})', - '{{container}}', - ) - ) - ), - }, -} - diff --git a/production/grafana-agent-mixin/jsonnetfile.json b/production/grafana-agent-mixin/jsonnetfile.json deleted file mode 100644 index e5a27a96ad6a..000000000000 --- a/production/grafana-agent-mixin/jsonnetfile.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "dependencies": [ - { - "name": "grafana-builder", - "source": { - "git": { - "remote": "https://github.com/grafana/jsonnet-libs", - "subdir": "grafana-builder" - } - }, - "version": "master" - }, - { - "name": "grafonnet", - "source": { - "git": { - "remote": "https://github.com/grafana/grafonnet-lib", - "subdir": "grafonnet" - } - }, - "version": "master" - } - ] -} - diff --git a/production/grafana-agent-mixin/mixin.libsonnet b/production/grafana-agent-mixin/mixin.libsonnet deleted file mode 100644 index 2a015d681601..000000000000 --- a/production/grafana-agent-mixin/mixin.libsonnet +++ /dev/null @@ -1,4 +0,0 @@ -{ grafanaDashboardFolder: 'Grafana Agent' } -+ (import 'dashboards.libsonnet') -+ (import 'debugging.libsonnet') -+ (import 'alerts.libsonnet') diff --git a/production/grafana-agent-mixin/utils.libsonnet b/production/grafana-agent-mixin/utils.libsonnet deleted file mode 100644 index 5467553a7d52..000000000000 --- a/production/grafana-agent-mixin/utils.libsonnet +++ /dev/null @@ -1,34 +0,0 @@ -{ - injectUtils(dashboard):: dashboard { - tags: ['grafana-agent-mixin'], - refresh: '30s', - addMultiTemplateWithAll(name, metric_name, label_name, all='.*', hide=0):: self { - templating+: { - list+: [{ - allValue: all, - current: { - selected: true, - text: 'All', - value: '$__all', - }, - datasource: '$datasource', - hide: hide, - includeAll: true, - label: name, - multi: true, - name: name, - options: [], - query: 'label_values(%s, %s)' % [metric_name, label_name], - refresh: 1, - regex: '', - sort: 2, - tagValuesQuery: '', - tags: [], - tagsQuery: '', - type: 'query', - useTags: false, - }], - }, - }, - }, -} diff --git a/production/kubernetes/README.md b/production/kubernetes/README.md deleted file mode 100644 index 6a98bd3057b6..000000000000 --- a/production/kubernetes/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Kubernetes Config - -This directory contains Kubernetes manifest templates for rolling out the Agent. - -Manifests: - -- Metric collection (StatefulSet): [`agent-bare.yaml`](./agent-bare.yaml) -- Log collection (DaemonSet): [`agent-loki.yaml`](./agent-loki.yaml) -- Trace collection (Deployment): [`agent-traces.yaml`](./agent-traces.yaml) - -⚠️ **These manifests do not include the Agent's configuration (ConfigMaps)**, -which are necessary to run the Agent. - -For sample configurations and detailed installation instructions, please head to: - -- [Grafana Agent Metrics Kubernetes Quickstart](https://grafana.com/docs/grafana-cloud/quickstart/agent-k8s/k8s_agent_metrics/) -- [Grafana Agent Logs Kubernetes Quickstart](https://grafana.com/docs/grafana-cloud/quickstart/agent-k8s/k8s_agent_logs/) -- [Grafana Agent Traces Kubernetes Quickstart](https://grafana.com/docs/grafana-cloud/quickstart/agent-k8s/k8s_agent_traces/) - -## Manually Applying - -Since the manifest files are just templates, note that they are *not* ready for -applying out of the box and you will have to manually perform the following steps: - -1. Download the manifest as `manifest.yaml` - -2. Modify your copy of the manifest, replacing relevant variables with the appropriate values - -3. Apply the modified manifest file: `kubectl -n default apply -f manifest.yaml`. - -This directory also contains an `install-bare.sh` script that is used inside of -Grafana Cloud instructions. If using the Grafana Agent outside of Grafana Cloud, -it is recommended to follow the steps above instead of calling this script -directly. - -## Rebuilding the manifests - -The manifests provided are created using Grafana Labs' production -[Tanka configs](../tanka/grafana-agent) with some default values. If you want to -build the YAML file with some custom values, you will need the following pieces -of software installed: - -1. [Tanka](https://github.com/grafana/tanka) >= v0.8 -2. [`jsonnet-bundler`](https://github.com/jsonnet-bundler/jsonnet-bundler) >= v0.2.1 - -See the [`template` Tanka environment](./build/templates) for the current -settings that initialize the Grafana Agent Tanka configs. - -To build the YAML files, execute the `./build/build.sh` script or run `make example-kubernetes` -from the project's root directory. diff --git a/production/kubernetes/agent-bare.yaml b/production/kubernetes/agent-bare.yaml deleted file mode 100644 index ccf5d13439ce..000000000000 --- a/production/kubernetes/agent-bare.yaml +++ /dev/null @@ -1,115 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: grafana-agent - namespace: ${NAMESPACE} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: grafana-agent -rules: -- apiGroups: - - "" - resources: - - nodes - - nodes/proxy - - services - - endpoints - - pods - - events - verbs: - - get - - list - - watch -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: grafana-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: grafana-agent -subjects: -- kind: ServiceAccount - name: grafana-agent - namespace: ${NAMESPACE} ---- -apiVersion: v1 -kind: Service -metadata: - labels: - name: grafana-agent - name: grafana-agent - namespace: ${NAMESPACE} -spec: - clusterIP: None - ports: - - name: grafana-agent-http-metrics - port: 80 - targetPort: 80 - selector: - name: grafana-agent ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: grafana-agent - namespace: ${NAMESPACE} -spec: - replicas: 1 - selector: - matchLabels: - name: grafana-agent - serviceName: grafana-agent - template: - metadata: - labels: - name: grafana-agent - spec: - containers: - - args: - - -config.expand-env=true - - -config.file=/etc/agent/agent.yaml - - -enable-features=integrations-next - - -server.http.address=0.0.0.0:80 - env: - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: grafana/agent:v0.39.0 - imagePullPolicy: IfNotPresent - name: grafana-agent - ports: - - containerPort: 80 - name: http-metrics - volumeMounts: - - mountPath: /var/lib/agent - name: agent-wal - - mountPath: /etc/agent - name: grafana-agent - serviceAccountName: grafana-agent - volumes: - - configMap: - name: grafana-agent - name: grafana-agent - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: agent-wal - namespace: ${NAMESPACE} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi diff --git a/production/kubernetes/agent-loki.yaml b/production/kubernetes/agent-loki.yaml deleted file mode 100644 index 497462d3efcb..000000000000 --- a/production/kubernetes/agent-loki.yaml +++ /dev/null @@ -1,100 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: grafana-agent-logs - namespace: ${NAMESPACE} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: grafana-agent-logs -rules: -- apiGroups: - - "" - resources: - - nodes - - nodes/proxy - - services - - endpoints - - pods - - events - verbs: - - get - - list - - watch -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: grafana-agent-logs -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: grafana-agent-logs -subjects: -- kind: ServiceAccount - name: grafana-agent-logs - namespace: ${NAMESPACE} ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: grafana-agent-logs - namespace: ${NAMESPACE} -spec: - minReadySeconds: 10 - selector: - matchLabels: - name: grafana-agent-logs - template: - metadata: - labels: - name: grafana-agent-logs - spec: - containers: - - args: - - -config.expand-env=true - - -config.file=/etc/agent/agent.yaml - - -server.http.address=0.0.0.0:80 - env: - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: grafana/agent:v0.39.0 - imagePullPolicy: IfNotPresent - name: grafana-agent-logs - ports: - - containerPort: 80 - name: http-metrics - securityContext: - privileged: true - runAsUser: 0 - volumeMounts: - - mountPath: /etc/agent - name: grafana-agent-logs - - mountPath: /var/log - name: varlog - - mountPath: /var/lib/docker/containers - name: varlibdockercontainers - readOnly: true - serviceAccountName: grafana-agent-logs - tolerations: - - effect: NoSchedule - operator: Exists - volumes: - - configMap: - name: grafana-agent-logs - name: grafana-agent-logs - - hostPath: - path: /var/log - name: varlog - - hostPath: - path: /var/lib/docker/containers - name: varlibdockercontainers - updateStrategy: - type: RollingUpdate diff --git a/production/kubernetes/agent-traces.yaml b/production/kubernetes/agent-traces.yaml deleted file mode 100644 index c42cec6125e3..000000000000 --- a/production/kubernetes/agent-traces.yaml +++ /dev/null @@ -1,154 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: grafana-agent-traces - namespace: ${NAMESPACE} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: grafana-agent-traces -rules: -- apiGroups: - - "" - resources: - - nodes - - nodes/proxy - - services - - endpoints - - pods - - events - verbs: - - get - - list - - watch -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: grafana-agent-traces -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: grafana-agent-traces -subjects: -- kind: ServiceAccount - name: grafana-agent-traces - namespace: ${NAMESPACE} ---- -apiVersion: v1 -kind: Service -metadata: - labels: - name: grafana-agent-traces - name: grafana-agent-traces - namespace: ${NAMESPACE} -spec: - ports: - - name: grafana-agent-traces-http-metrics - port: 80 - targetPort: 80 - - name: grafana-agent-traces-thrift-compact - port: 6831 - protocol: UDP - targetPort: 6831 - - name: grafana-agent-traces-thrift-binary - port: 6832 - protocol: UDP - targetPort: 6832 - - name: grafana-agent-traces-thrift-http - port: 14268 - protocol: TCP - targetPort: 14268 - - name: grafana-agent-traces-thrift-grpc - port: 14250 - protocol: TCP - targetPort: 14250 - - name: grafana-agent-traces-zipkin - port: 9411 - protocol: TCP - targetPort: 9411 - - name: grafana-agent-traces-otlp-grpc - port: 4317 - protocol: TCP - targetPort: 4317 - - name: grafana-agent-traces-otlp-http - port: 4318 - protocol: TCP - targetPort: 4318 - - name: grafana-agent-traces-opencensus - port: 55678 - protocol: TCP - targetPort: 55678 - selector: - name: grafana-agent-traces ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grafana-agent-traces - namespace: ${NAMESPACE} -spec: - minReadySeconds: 10 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - name: grafana-agent-traces - template: - metadata: - labels: - name: grafana-agent-traces - spec: - containers: - - args: - - -config.expand-env=true - - -config.file=/etc/agent/agent.yaml - - -server.http.address=0.0.0.0:80 - env: - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: grafana/agent:v0.39.0 - imagePullPolicy: IfNotPresent - name: grafana-agent-traces - ports: - - containerPort: 80 - name: http-metrics - - containerPort: 6831 - name: thrift-compact - protocol: UDP - - containerPort: 6832 - name: thrift-binary - protocol: UDP - - containerPort: 14268 - name: thrift-http - protocol: TCP - - containerPort: 14250 - name: thrift-grpc - protocol: TCP - - containerPort: 9411 - name: zipkin - protocol: TCP - - containerPort: 4317 - name: otlp-grpc - protocol: TCP - - containerPort: 4318 - name: otlp-http - protocol: TCP - - containerPort: 55678 - name: opencensus - protocol: TCP - volumeMounts: - - mountPath: /etc/agent - name: grafana-agent-traces - serviceAccountName: grafana-agent-traces - volumes: - - configMap: - name: grafana-agent-traces - name: grafana-agent-traces diff --git a/production/kubernetes/build/build.sh b/production/kubernetes/build/build.sh deleted file mode 100755 index 474afb2f1235..000000000000 --- a/production/kubernetes/build/build.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash -# shellcheck shell=bash - -set +e - -DIRNAME=$(dirname "$0") - -pushd "${DIRNAME}" || exit 1 -# Make sure dependencies are up to date -jb install -tk show --dangerous-allow-redirect ./templates/bare > "${PWD}/../agent-bare.yaml" -tk show --dangerous-allow-redirect ./templates/loki > "${PWD}/../agent-loki.yaml" -tk show --dangerous-allow-redirect ./templates/traces > "${PWD}/../agent-traces.yaml" -tk show --dangerous-allow-redirect ./templates/operator > "${PWD}/../../operator/templates/agent-operator.yaml" -popd || exit 1 diff --git a/production/kubernetes/build/jsonnetfile.json b/production/kubernetes/build/jsonnetfile.json deleted file mode 100644 index 392936f6804d..000000000000 --- a/production/kubernetes/build/jsonnetfile.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "version": 1, - "dependencies": [ - { - "source": { - "git": { - "remote": "https://github.com/grafana/jsonnet-libs.git", - "subdir": "ksonnet-util" - } - }, - "version": "master" - }, - { - "source": { - "git": { - "remote": "https://github.com/jsonnet-libs/k8s-libsonnet.git", - "subdir": "1.21" - } - }, - "version": "main" - }, - { - "source": { - "git": { - "remote": "https://github.com/kubernetes/kube-state-metrics.git", - "subdir": "jsonnet/kube-state-metrics" - } - }, - "version": "v2.5.0" - }, - { - "source": { - "local": { - "directory": "../../tanka/grafana-agent" - } - }, - "version": "" - }, - { - "source": { - "local": { - "directory": "../../tanka/grafana-agent-operator" - } - }, - "version": "" - } - ], - "legacyImports": true -} diff --git a/production/kubernetes/build/jsonnetfile.lock.json b/production/kubernetes/build/jsonnetfile.lock.json deleted file mode 100644 index 3ed712040c13..000000000000 --- a/production/kubernetes/build/jsonnetfile.lock.json +++ /dev/null @@ -1,74 +0,0 @@ -{ - "version": 1, - "dependencies": [ - { - "source": { - "git": { - "remote": "https://github.com/grafana/jsonnet-libs.git", - "subdir": "ksonnet-util" - } - }, - "version": "28a9c400acbc02994ea8b08494571c7b476096b6", - "sum": "OxgtIWL4hjvG0xkMwUzZ7Yjs52zUhLhaVQpwHCbqf8A=" - }, - { - "source": { - "git": { - "remote": "https://github.com/jsonnet-libs/grafana-agent-libsonnet.git", - "subdir": "0.26" - } - }, - "version": "4763fb9dd69acd7c32ea34a708328ad7d1984100", - "sum": "AcBuxWZhGRgcfHFUxYRUOhAnQ9FnEP37fVl68jAQNc8=", - "name": "agent-operator-gen" - }, - { - "source": { - "git": { - "remote": "https://github.com/jsonnet-libs/k8s-libsonnet.git", - "subdir": "1.21" - } - }, - "version": "f8efa81cf15257bd151b97e31599e20b2ba5311b", - "sum": "FYub7WxElJkqjjXA++DemsKHwsPqUFW945BTgpVop6Q=" - }, - { - "source": { - "git": { - "remote": "https://github.com/jsonnet-libs/prometheus-operator-libsonnet.git", - "subdir": "0.57" - } - }, - "version": "daddbdd13374107f78a2489301f7c23ae1eb0b16", - "sum": "8+yZ7FalORuq5ZGpqSnSa+/4YQcPa7x9rClXcjgGCq0=", - "name": "prom-operator-gen" - }, - { - "source": { - "git": { - "remote": "https://github.com/kubernetes/kube-state-metrics.git", - "subdir": "jsonnet/kube-state-metrics" - } - }, - "version": "0567e1e1b981755e563d2244fa1659563f2cddbc", - "sum": "P0dCnbzyPScQGNXwXRcwiPkMLeTq0IPNbSTysDbySnM=" - }, - { - "source": { - "local": { - "directory": "../../tanka/grafana-agent" - } - }, - "version": "" - }, - { - "source": { - "local": { - "directory": "../../tanka/grafana-agent-operator" - } - }, - "version": "" - } - ], - "legacyImports": false -} diff --git a/production/kubernetes/build/lib/k.libsonnet b/production/kubernetes/build/lib/k.libsonnet deleted file mode 100644 index 3004bc3cf935..000000000000 --- a/production/kubernetes/build/lib/k.libsonnet +++ /dev/null @@ -1 +0,0 @@ -(import 'github.com/jsonnet-libs/k8s-libsonnet/1.21/main.libsonnet') diff --git a/production/kubernetes/build/lib/version.libsonnet b/production/kubernetes/build/lib/version.libsonnet deleted file mode 100644 index 70fb0ff0cffe..000000000000 --- a/production/kubernetes/build/lib/version.libsonnet +++ /dev/null @@ -1 +0,0 @@ -'grafana/agent:v0.39.0' diff --git a/production/kubernetes/build/templates/bare/main.jsonnet b/production/kubernetes/build/templates/bare/main.jsonnet deleted file mode 100644 index fda8512f0291..000000000000 --- a/production/kubernetes/build/templates/bare/main.jsonnet +++ /dev/null @@ -1,41 +0,0 @@ -local agent = import 'grafana-agent/v2/main.libsonnet'; -local k = import 'ksonnet-util/kausal.libsonnet'; - -local pvc = k.core.v1.persistentVolumeClaim; -local volumeMount = k.core.v1.volumeMount; -local containerPort = k.core.v1.containerPort; - -{ - agent: - agent.new(name='grafana-agent', namespace='${NAMESPACE}') + - agent.withStatefulSetController( - replicas=1, - volumeClaims=[ - pvc.new() + - pvc.mixin.metadata.withName('agent-wal') + - pvc.mixin.metadata.withNamespace('${NAMESPACE}') + - pvc.mixin.spec.withAccessModes('ReadWriteOnce') + - pvc.mixin.spec.resources.withRequests({ storage: '5Gi' }), - ], - ) + - agent.withConfigHash(false) + - agent.withArgsMixin({ - 'enable-features': 'integrations-next' - },) + - // add dummy config or else will fail - agent.withAgentConfig({ - server: { log_level: 'error' }, - }) + - agent.withVolumeMountsMixin([volumeMount.new('agent-wal', '/var/lib/agent')]) + - // headless svc needed by statefulset - agent.withService() + - { - controller_service+: { - spec+: { - clusterIP: 'None', - }, - }, - } + - // hack to disable ConfigMap - { configMap:: super.configMap }, -} diff --git a/production/kubernetes/build/templates/bare/spec.json b/production/kubernetes/build/templates/bare/spec.json deleted file mode 100644 index d97d07154983..000000000000 --- a/production/kubernetes/build/templates/bare/spec.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "apiVersion": "tanka.dev/v1alpha1", - "kind": "Environment", - "metadata": { - "name": "template" - }, - "spec": { - "apiServer": "", - "namespace": "" - } -} diff --git a/production/kubernetes/build/templates/base-sigv4/main.jsonnet b/production/kubernetes/build/templates/base-sigv4/main.jsonnet deleted file mode 100644 index 5297475e61d9..000000000000 --- a/production/kubernetes/build/templates/base-sigv4/main.jsonnet +++ /dev/null @@ -1,31 +0,0 @@ -local agent = import 'grafana-agent/grafana-agent.libsonnet'; - -local k = import 'ksonnet-util/kausal.libsonnet'; -local serviceAccount = k.core.v1.serviceAccount; - -agent { - _images+:: { - agent: (import 'version.libsonnet'), - }, - - _config+:: { - namespace: '${NAMESPACE}', - agent_remote_write: [{ - url: '${REMOTE_WRITE_URL}', - sigv4: { - region: '${REGION}', - }, - }], - - // Since the config map isn't managed by Tanka, we don't want to - // add the configmap's hash as an annotation for the Kubernetes - // YAML manifest. - agent_config_hash_annotation: false, - }, - - agent_rbac+: { - service_account+: serviceAccount.mixin.metadata.withAnnotationsMixin({ - 'eks.amazonaws.com/role-arn': '${ROLE_ARN}', - }), - }, -} diff --git a/production/kubernetes/build/templates/base-sigv4/spec.json b/production/kubernetes/build/templates/base-sigv4/spec.json deleted file mode 100644 index d97d07154983..000000000000 --- a/production/kubernetes/build/templates/base-sigv4/spec.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "apiVersion": "tanka.dev/v1alpha1", - "kind": "Environment", - "metadata": { - "name": "template" - }, - "spec": { - "apiServer": "", - "namespace": "" - } -} diff --git a/production/kubernetes/build/templates/base/main.jsonnet b/production/kubernetes/build/templates/base/main.jsonnet deleted file mode 100644 index 687b6ad74ddd..000000000000 --- a/production/kubernetes/build/templates/base/main.jsonnet +++ /dev/null @@ -1,23 +0,0 @@ -local agent = import 'grafana-agent/grafana-agent.libsonnet'; - -agent { - _images+:: { - agent: (import 'version.libsonnet'), - }, - - _config+:: { - namespace: '${NAMESPACE}', - agent_remote_write: [{ - url: '${REMOTE_WRITE_URL}', - basic_auth: { - username: '${REMOTE_WRITE_USERNAME}', - password: '${REMOTE_WRITE_PASSWORD}', - }, - }], - - // Since the config map isn't managed by Tanka, we don't want to - // add the configmap's hash as an annotation for the Kubernetes - // YAML manifest. - agent_config_hash_annotation: false, - }, -} diff --git a/production/kubernetes/build/templates/base/spec.json b/production/kubernetes/build/templates/base/spec.json deleted file mode 100644 index d97d07154983..000000000000 --- a/production/kubernetes/build/templates/base/spec.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "apiVersion": "tanka.dev/v1alpha1", - "kind": "Environment", - "metadata": { - "name": "template" - }, - "spec": { - "apiServer": "", - "namespace": "" - } -} diff --git a/production/kubernetes/build/templates/loki/main.jsonnet b/production/kubernetes/build/templates/loki/main.jsonnet deleted file mode 100644 index 1ec9540e62e8..000000000000 --- a/production/kubernetes/build/templates/loki/main.jsonnet +++ /dev/null @@ -1,17 +0,0 @@ -local agent = import 'grafana-agent/v2/main.libsonnet'; -local k = import 'ksonnet-util/kausal.libsonnet'; - -{ - agent: - agent.new(name='grafana-agent-logs', namespace='${NAMESPACE}') + - agent.withDaemonSetController() + - agent.withConfigHash(false) + - // add dummy config or else will fail - agent.withAgentConfig({ - server: { log_level: 'error' }, - }) + - agent.withLogVolumeMounts() + - agent.withLogPermissions() + - // hack to disable configmap - { configMap:: super.configMap } -} diff --git a/production/kubernetes/build/templates/loki/spec.json b/production/kubernetes/build/templates/loki/spec.json deleted file mode 100644 index d97d07154983..000000000000 --- a/production/kubernetes/build/templates/loki/spec.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "apiVersion": "tanka.dev/v1alpha1", - "kind": "Environment", - "metadata": { - "name": "template" - }, - "spec": { - "apiServer": "", - "namespace": "" - } -} diff --git a/production/kubernetes/build/templates/operator/main.jsonnet b/production/kubernetes/build/templates/operator/main.jsonnet deleted file mode 100644 index efc5b6e9df9f..000000000000 --- a/production/kubernetes/build/templates/operator/main.jsonnet +++ /dev/null @@ -1,160 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; -local secret = k.core.v1.secret; -local pvc = k.core.v1.persistentVolumeClaim; - -local gen = import 'agent-operator-gen/main.libsonnet'; -local ga = gen.monitoring.v1alpha1.grafanaAgent; -local mi = gen.monitoring.v1alpha1.metricsInstance; -local li = gen.monitoring.v1alpha1.logsInstance; -local pl = gen.monitoring.v1alpha1.podLogs; -local int = gen.monitoring.v1alpha1.integration; - -local op = import 'grafana-agent-operator/operator.libsonnet'; -local ga_util = import 'grafana-agent-operator/util/grafana-agent.libsonnet'; -local mi_util = import 'grafana-agent-operator/util/metricsinstance.libsonnet'; -local li_util = import 'grafana-agent-operator/util/logsinstance.libsonnet'; -local pl_util = import 'grafana-agent-operator/util/k8slogs.libsonnet'; -local mon_util = import 'grafana-agent-operator/util/k8smonitors.libsonnet'; -local int_util = import 'grafana-agent-operator/util/integrations.libsonnet'; - -local ksm = import 'kube-state-metrics/kube-state-metrics.libsonnet'; - -{ - local this = self, - - _images:: { - agent: 'grafana/agent:v0.39.0', - agent_operator: 'grafana/agent-operator:v0.39.0', - ksm: 'registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.5.0', - }, - - _config:: { - namespace: '${NAMESPACE}', - metrics_url: '${METRICS_URL}', - metrics_user: '${METRICS_USER}', - metrics_key: '${METRICS_KEY}', - logs_url: '${LOGS_URL}', - logs_user: '${LOGS_USER}', - logs_key: '${LOGS_KEY}', - cluster_label: { cluster: '${CLUSTER}' }, - kubelet_job: 'kubelet', - cadvisor_job: 'cadvisor', - ksm_job: 'kube-state-metrics', - ksm_version: '2.5.0', - }, - - operator: - op.new(name='grafana-agent-operator', namespace=this._config.namespace, image=this._images.agent_operator, serviceAccount='grafana-agent-operator') + - op.withRbac(name='grafana-agent-operator', namespace=this._config.namespace), - - grafana_agent: - ga.new(name='grafana-agent') + - ga.metadata.withNamespace(this._config.namespace) + - ga.spec.withServiceAccountName('grafana-agent') + - ga.spec.withImage(this._images.agent) + - ga.spec.metrics.instanceSelector.withMatchLabels({ agent: 'grafana-agent' }) + - ga.spec.logs.instanceSelector.withMatchLabels({ agent: 'grafana-agent' }) + - ga.spec.integrations.selector.withMatchLabels({ agent: 'grafana-agent' }) + - ga.spec.metrics.withExternalLabels(this._config.cluster_label), - rbac: - ga_util.withRbac(name='grafana-agent', namespace=this._config.namespace), - - metrics_instance: - mi.new(name='grafana-agent-metrics') + - mi.metadata.withNamespace(this._config.namespace) + - mi.metadata.withLabels({ agent: 'grafana-agent' }) + - mi.spec.serviceMonitorSelector.withMatchLabels({ instance: 'primary' }) + - mi_util.withRemoteWrite(secretName='metrics-secret', metricsUrl=this._config.metrics_url) + - mi_util.withNilServiceMonitorNamespace(), - metrics_secret: - secret.new('metrics-secret', {}) + - secret.withStringData({ - username: this._config.metrics_user, - password: this._config.metrics_key, - }) + secret.mixin.metadata.withNamespace(this._config.namespace), - - logs_instance: - li.new(name='grafana-agent-logs') + - li.metadata.withNamespace(this._config.namespace) + - li.metadata.withLabels({ agent: 'grafana-agent' }) + - li.spec.podLogsSelector.withMatchLabels({ instance: 'primary' }) + - li_util.withLogsClient(secretName='logs-secret', logsUrl=this._config.logs_url, externalLabels=this._config.cluster_label) + - li_util.withNilPodLogsNamespace(), - logs_secret: - secret.new('logs-secret', {}) + - secret.withStringData({ - username: this._config.logs_user, - password: this._config.logs_key, - }) + secret.mixin.metadata.withNamespace(this._config.namespace), - - pod_logs: - pl.new('kubernetes-logs') + - pl.metadata.withNamespace(this._config.namespace) + - pl.metadata.withLabels({ instance: 'primary' }) + - pl.spec.withPipelineStages(pl.spec.pipelineStages.withCri({})) + - pl.spec.namespaceSelector.withAny(true) + - pl.spec.selector.withMatchLabels({}) + - pl.spec.withRelabelings(pl_util.withK8sLogsRelabeling()), - - k8s_monitors: [ - mon_util.newKubernetesMonitor( - name='kubelet-monitor', - namespace=this._config.namespace, - monitorLabels={ instance: 'primary' }, - targetNamespace='default', - targetLabels={ 'app.kubernetes.io/name': 'kubelet' }, - jobLabel=this._config.kubelet_job, - metricsPath='/metrics', - allowlist=false, - allowlistMetrics=[] - ), - mon_util.newKubernetesMonitor( - name='cadvisor-monitor', - namespace=this._config.namespace, - monitorLabels={ instance: 'primary' }, - targetNamespace='default', - targetLabels={ 'app.kubernetes.io/name': 'kubelet' }, - jobLabel=this._config.cadvisor_job, - metricsPath='/metrics/cadvisor', - allowlist=false, - allowlistMetrics=[] - ), - mon_util.newServiceMonitor( - name='ksm-monitor', - namespace=this._config.namespace, - monitorLabels={ instance: 'primary' }, - targetNamespace=this._config.namespace, - targetLabels={ 'app.kubernetes.io/name': 'kube-state-metrics' }, - jobLabel=this._config.ksm_job, - metricsPath='/metrics', - allowlist=false, - allowlistMetrics=[] - ), - ], - - kube_state_metrics: - ksm { - name:: 'kube-state-metrics', - namespace:: this._config.namespace, - version:: this._config.ksm_version, - image:: this._images.ksm, - }, - - events: - int.new('agent-eventhandler') + - int.metadata.withNamespace(this._config.namespace) + - int.metadata.withLabels({ agent: 'grafana-agent' }) + - int.spec.withName('eventhandler') + - int.spec.type.withUnique(true) + - int.spec.withConfig({ - logs_instance: this._config.namespace + '/' + 'grafana-agent-logs', - cache_path: '/etc/eventhandler/eventhandler.cache', - }) + - int_util.withPVC('agent-eventhandler'), - pvc: - pvc.new('agent-eventhandler') + - pvc.mixin.metadata.withNamespace(this._config.namespace) + - pvc.mixin.spec.withAccessModes('ReadWriteOnce') + - pvc.mixin.spec.resources.withRequests({ storage: '1Gi' }), - -} diff --git a/production/kubernetes/build/templates/operator/spec.json b/production/kubernetes/build/templates/operator/spec.json deleted file mode 100644 index d97d07154983..000000000000 --- a/production/kubernetes/build/templates/operator/spec.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "apiVersion": "tanka.dev/v1alpha1", - "kind": "Environment", - "metadata": { - "name": "template" - }, - "spec": { - "apiServer": "", - "namespace": "" - } -} diff --git a/production/kubernetes/build/templates/traces/main.jsonnet b/production/kubernetes/build/templates/traces/main.jsonnet deleted file mode 100644 index 4868b6829aaf..000000000000 --- a/production/kubernetes/build/templates/traces/main.jsonnet +++ /dev/null @@ -1,41 +0,0 @@ -local agent = import 'grafana-agent/v2/main.libsonnet'; -local k = import 'ksonnet-util/kausal.libsonnet'; - -local containerPort = k.core.v1.containerPort; - -local newPort(name, portNumber, protocol='TCP') = - // Port names for pods cannot be longer than 15 characters. - if std.length(name) > 15 then - error 'port name cannot be longer than 15 characters' - else containerPort.new(name, portNumber) + containerPort.withProtocol(protocol); - -{ - agent: - agent.new(name='grafana-agent-traces', namespace='${NAMESPACE}') + - agent.withDeploymentController(replicas=1) + - agent.withConfigHash(false) + - agent.withPortsMixin([ - // Jaeger receiver - newPort('thrift-compact', 6831, 'UDP'), - newPort('thrift-binary', 6832, 'UDP'), - newPort('thrift-http', 14268, 'TCP'), - newPort('thrift-grpc', 14250, 'TCP'), - - // Zipkin - newPort('zipkin', 9411, 'TCP'), - - // OTLP - newPort('otlp-grpc', 4317, 'TCP'), - newPort('otlp-http', 4318, 'TCP'), - - // Opencensus - newPort('opencensus', 55678, 'TCP'), - ]) + - agent.withService() + - // add dummy config or will fail - agent.withAgentConfig({ - server: { log_level: 'error' }, - }) + - // remove configMap for generated manifests - { configMap:: super.configMap } -} diff --git a/production/kubernetes/build/templates/traces/spec.json b/production/kubernetes/build/templates/traces/spec.json deleted file mode 100644 index d97d07154983..000000000000 --- a/production/kubernetes/build/templates/traces/spec.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "apiVersion": "tanka.dev/v1alpha1", - "kind": "Environment", - "metadata": { - "name": "template" - }, - "spec": { - "apiServer": "", - "namespace": "" - } -} diff --git a/production/kubernetes/install-bare.sh b/production/kubernetes/install-bare.sh deleted file mode 100644 index 32127903a224..000000000000 --- a/production/kubernetes/install-bare.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash -# shellcheck shell=bash - -# -# install-bare.sh is an installer for the Agent without a ConfigMap. It is -# used during the Grafana Cloud integrations wizard and is not recommended -# to be used directly. Instead of calling this script directly, please -# make a copy of ./agent-bare.yaml and modify it for your needs. -# -# Note that agent-bare.yaml does not have a ConfigMap, so the Grafana Agent -# will not launch until one is created. For more information on setting up -# a ConfigMap, please refer to: -# -# Metrics quickstart: https://grafana.com/docs/grafana-cloud/quickstart/agent-k8s/k8s_agent_metrics/ -# Logs quickstart: https://grafana.com/docs/grafana-cloud/quickstart/agent-k8s/k8s_agent_logs/ -# - -check_installed() { - if ! type "$1" >/dev/null 2>&1; then - echo "error: $1 not installed" >&2 - exit 1 - fi -} - -check_installed curl -check_installed envsubst - -MANIFEST_BRANCH=v0.39.0 -MANIFEST_URL=${MANIFEST_URL:-https://raw.githubusercontent.com/grafana/agent/${MANIFEST_BRANCH}/production/kubernetes/agent-bare.yaml} -NAMESPACE=${NAMESPACE:-default} - -export NAMESPACE - -curl -fsSL "$MANIFEST_URL" | envsubst diff --git a/production/operator/crds/monitoring.coreos.com_podmonitors.yaml b/production/operator/crds/monitoring.coreos.com_podmonitors.yaml deleted file mode 100644 index 3e1fae0fc527..000000000000 --- a/production/operator/crds/monitoring.coreos.com_podmonitors.yaml +++ /dev/null @@ -1,679 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: podmonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: PodMonitor - listKind: PodMonitorList - plural: podmonitors - shortNames: - - pmon - singular: podmonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. - properties: - attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.35.0 and above. - properties: - node: - description: When set to true, Prometheus must have permissions - to get Nodes. - type: boolean - type: object - jobLabel: - description: The label to use to retrieve the job name from. - type: string - labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names to select from. - items: - type: string - type: array - type: object - podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. - items: - description: PodMetricsEndpoint defines a scrapeable endpoint of - a Kubernetes Pod serving Prometheus metrics. - properties: - authorization: - description: Authorization section for this endpoint - properties: - credentials: - description: The secret's key that contains the credentials - of the request - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error - type: string - type: object - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' - properties: - password: - description: The secret in the service monitor namespace - that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: The secret in the service monitor namespace - that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - pod monitor and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - enableHttp2: - description: Whether to enable HTTP2. - type: boolean - filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' - type: boolean - followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. - type: boolean - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. - properties: - clientId: - description: The secret or configmap containing the OAuth2 - client id - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: The secret containing the OAuth2 client secret - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: Parameters to append to the token URL - type: object - scopes: - description: OAuth2 scopes used for the token request - items: - type: string - type: array - tokenUrl: - description: The URL to fetch the token from - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - params: - additionalProperties: - items: - type: string - type: array - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). - type: string - port: - description: Name of the pod port this endpoint refers to. Mutually - exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. - enum: - - http - - https - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape interval is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Deprecated: Use ''port'' instead.' - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - type: array - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. - items: - type: string - type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer - selector: - description: Selector to select Pod objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. - format: int64 - type: integer - required: - - podMetricsEndpoints - - selector - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/production/operator/crds/monitoring.coreos.com_probes.yaml b/production/operator/crds/monitoring.coreos.com_probes.yaml deleted file mode 100644 index 7ece55d2ac5e..000000000000 --- a/production/operator/crds/monitoring.coreos.com_probes.yaml +++ /dev/null @@ -1,722 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: probes.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: Probe - listKind: ProbeList - plural: probes - shortNames: - - prb - singular: probe - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Ingress selection for target discovery - by Prometheus. - properties: - authorization: - description: Authorization section for this endpoint - properties: - credentials: - description: The secret's key that contains the credentials of - the request - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error - type: string - type: object - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic - authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' - properties: - password: - description: The secret in the service monitor namespace that - contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: The secret in the service monitor namespace that - contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. - The secret needs to be in the same namespace as the probe and accessible - by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - interval: - description: Interval at which targets are probed using the configured - prober. If not specified Prometheus' global scrape interval is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - jobName: - description: The job name assigned to scraped metrics by default. - type: string - labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label - values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. - type: string - type: object - type: array - module: - description: 'The module to use for probing specifying how to probe - the target. Example module configuring in the blackbox exporter: - https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' - type: string - oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. - properties: - clientId: - description: The secret or configmap containing the OAuth2 client - id - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: The secret containing the OAuth2 client secret - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: Parameters to append to the token URL - type: object - scopes: - description: OAuth2 scopes used for the token request - items: - type: string - type: array - tokenUrl: - description: The URL to fetch the token from - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - prober: - description: Specification for the prober to use for probing targets. - The prober.URL parameter is required. Targets cannot be probed if - left empty. - properties: - path: - default: /probe - description: Path to collect metrics from. Defaults to `/probe`. - type: string - proxyUrl: - description: Optional ProxyURL. - type: string - scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. - enum: - - http - - https - type: string - url: - description: Mandatory URL of the prober. - type: string - required: - - url - type: object - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer - scrapeTimeout: - description: Timeout for scraping metrics from the Prometheus exporter. - If not specified, the Prometheus global scrape timeout is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. - format: int64 - type: integer - targets: - description: Targets defines a set of static or dynamically discovered - targets to probe. - properties: - ingress: - description: ingress defines the Ingress objects to probe and - the relabeling configuration. If `staticConfig` is also defined, - `staticConfig` takes precedence. - properties: - namespaceSelector: - description: From which namespaces to select Ingress objects. - properties: - any: - description: Boolean describing whether all namespaces - are selected in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names to select from. - items: - type: string - type: array - type: object - relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the target before it gets scraped. The original ingress - address is available via the `__tmp_prometheus_ingress_address` - label. It can be used to customize the probed URL. The original - scrape job''s name is available via the `__tmp_prometheus_job_name` - label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - selector: - description: Selector to select the Ingress objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - staticConfig: - description: 'staticConfig defines the static list of targets - to probe and the relabeling configuration. If `ingress` is also - defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' - properties: - labels: - additionalProperties: - type: string - description: Labels assigned to all metrics scraped from the - targets. - type: object - relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - static: - description: The list of hosts to probe. - items: - type: string - type: array - type: object - type: object - tlsConfig: - description: TLS configuration to use when scraping the endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/production/operator/crds/monitoring.coreos.com_servicemonitors.yaml b/production/operator/crds/monitoring.coreos.com_servicemonitors.yaml deleted file mode 100644 index 5d661184cfb4..000000000000 --- a/production/operator/crds/monitoring.coreos.com_servicemonitors.yaml +++ /dev/null @@ -1,709 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: servicemonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: ServiceMonitor - listKind: ServiceMonitorList - plural: servicemonitors - shortNames: - - smon - singular: servicemonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Service selection for target discovery - by Prometheus. - properties: - attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.37.0 and above. - properties: - node: - description: When set to true, Prometheus must have permissions - to get Nodes. - type: boolean - type: object - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - authorization: - description: Authorization section for this endpoint - properties: - credentials: - description: The secret's key that contains the credentials - of the request - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error - type: string - type: object - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: The secret in the service monitor namespace - that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: The secret in the service monitor namespace - that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - enableHttp2: - description: Whether to enable HTTP2. - type: boolean - filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' - type: boolean - followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. - type: boolean - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. - properties: - clientId: - description: The secret or configmap containing the OAuth2 - client id - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: The secret containing the OAuth2 client secret - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: Parameters to append to the token URL - type: object - scopes: - description: OAuth2 scopes used for the token request - items: - type: string - type: array - tokenUrl: - description: The URL to fetch the token from - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - params: - additionalProperties: - items: - type: string - type: array - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. - enum: - - http - - https - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape timeout is used unless - it is less than `Interval` in which the latter is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: Name or number of the target port of the Pod behind - the Service, the port must be specified with container port - property. Mutually exclusive with port. - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the endpoint - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - type: array - jobLabel: - description: "JobLabel selects the label from the associated Kubernetes - service which will be used as the `job` label for all metrics. \n - For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: - bar`, then the `job=\"bar\"` label is added to all metrics. \n If - the value of this field is empty or if the label doesn't exist for - the given Service, the `job` label of the metrics defaults to the - name of the Kubernetes Service." - type: string - labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - namespaceSelector: - description: Selector to select which namespaces the Kubernetes Endpoints - objects are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names to select from. - items: - type: string - type: array - type: object - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes `Pod` - onto the created metrics. - items: - type: string - type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer - selector: - description: Selector to select Endpoints objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - targetLabels: - description: TargetLabels transfers labels from the Kubernetes `Service` - onto the created metrics. - items: - type: string - type: array - targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. - format: int64 - type: integer - required: - - endpoints - - selector - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/production/operator/crds/monitoring.grafana.com_grafanaagents.yaml b/production/operator/crds/monitoring.grafana.com_grafanaagents.yaml deleted file mode 100644 index fab68b18e6f6..000000000000 --- a/production/operator/crds/monitoring.grafana.com_grafanaagents.yaml +++ /dev/null @@ -1,7795 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: grafanaagents.monitoring.grafana.com -spec: - group: monitoring.grafana.com - names: - categories: - - agent-operator - kind: GrafanaAgent - listKind: GrafanaAgentList - plural: grafanaagents - singular: grafanaagent - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: GrafanaAgent defines a Grafana Agent deployment. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the specification of the desired behavior for - the Grafana Agent cluster. - properties: - affinity: - description: Affinity, if specified, controls pod scheduling constraints. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apiServer: - description: APIServerConfig lets you specify a host and auth methods - to access the Kubernetes API server. If left empty, the Agent assumes - that it is running inside of the cluster and will discover API servers - automatically and use the pod's CA certificate and bearer token - file at /var/run/secrets/kubernetes.io/serviceaccount. - properties: - authorization: - description: Authorization section for accessing apiserver - properties: - credentials: - description: The secret's key that contains the credentials - of the request - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - credentialsFile: - description: File to read a secret from, mutually exclusive - with Credentials (from SafeAuthorization) - type: string - type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error - type: string - type: object - basicAuth: - description: BasicAuth allow an endpoint to authenticate over - basic authentication - properties: - password: - description: The secret in the service monitor namespace that - contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: The secret in the service monitor namespace that - contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerToken: - description: Bearer token for accessing apiserver. - type: string - bearerTokenFile: - description: File to read bearer token for accessing apiserver. - type: string - host: - description: Host of apiserver. A valid string consisting of a - hostname or IP followed by an optional port number - type: string - tlsConfig: - description: TLS Config to use for accessing apiserver. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - host - type: object - configMaps: - description: ConfigMaps is a list of config maps in the same namespace - as the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The ConfigMaps are mounted into /var/lib/grafana-agent/extra-configmaps/. - items: - type: string - type: array - configReloaderImage: - description: Image, when specified, overrides the image used to run - Config Reloader. Specify the image along with a tag. You still need - to set the version to ensure Grafana Agent Operator knows which - version of Grafana Agent is being configured. - type: string - configReloaderVersion: - description: Version of Config Reloader to be deployed. - type: string - containers: - description: 'Containers lets you inject additional containers or - modify operator-generated containers. This can be used to add an - authentication proxy to a Grafana Agent pod or to change the behavior - of an operator-generated container. Containers described here modify - an operator-generated container if they share the same name and - if modifications are done via a strategic merge patch. The current - container names are: `grafana-agent` and `config-reloader`. Overriding - containers is entirely outside the scope of what the Grafana Agent - team supports and by doing so, you accept that this behavior may - break at any time without notice.' - items: - description: A single application container that you want to run - within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - disableReporting: - default: false - description: disableReporting disables reporting of enabled feature - flags to Grafana. - type: boolean - disableSupportBundle: - default: false - description: disableSupportBundle disables the generation of support - bundles. - type: boolean - enableConfigReadAPI: - default: false - description: enableConfigReadAPI enables the read API for viewing - the currently running config port 8080 on the agent. - type: boolean - image: - description: Image, when specified, overrides the image used to run - Agent. Specify the image along with a tag. You still need to set - the version to ensure Grafana Agent Operator knows which version - of Grafana Agent is being configured. - type: string - imagePullSecrets: - description: 'ImagePullSecrets holds an optional list of references - to Secrets within the same namespace used for pulling the Grafana - Agent image from registries. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - initContainers: - description: 'InitContainers let you add initContainers to the pod - definition. These can be used to, for example, fetch secrets for - injection into the Grafana Agent configuration from external sources. - Errors during the execution of an initContainer cause the pod to - restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other than secret fetching - is entirely outside the scope of what the Grafana Agent maintainers - support and by doing so, you accept that this behavior may break - at any time without notice.' - items: - description: A single application container that you want to run - within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - integrations: - description: Integrations controls the integration subsystem of the - Agent and settings unique to deployed integration-specific pods. - properties: - namespaceSelector: - description: "Label selector for namespaces to search when discovering - integration resources. If nil, integration resources are only - discovered in the namespace of the GrafanaAgent resource. \n - Set to `{}` to search all namespaces." - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - selector: - description: Label selector to find Integration resources to run. - When nil, no integration resources will be defined. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - logFormat: - description: LogFormat controls the logging format of the generated - pods. Defaults to "logfmt" if not set. - type: string - logLevel: - description: LogLevel controls the log level of the generated pods. - Defaults to "info" if not set. - type: string - logs: - description: Logs controls the logging subsystem of the Agent and - settings unique to logging-specific pods that are deployed. - properties: - clients: - description: A global set of clients to use when a discovered - LogsInstance does not have any clients defined. - items: - description: LogsClientSpec defines the client integration for - logs, indicating which Loki server to send logs to. - properties: - backoffConfig: - description: Configures how to retry requests to Loki when - a request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. - properties: - maxPeriod: - description: Maximum backoff time between retries. - type: string - maxRetries: - description: Maximum number of retries to perform before - giving up a request. - type: integer - minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. - type: string - type: object - basicAuth: - description: BasicAuth for the Loki server. - properties: - password: - description: The secret in the service monitor namespace - that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: The secret in the service monitor namespace - that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. - type: integer - batchWait: - description: Maximum amount of time to wait before sending - a batch, even if that batch isn't full. - type: string - bearerToken: - description: BearerToken used for remote_write. - type: string - bearerTokenFile: - description: BearerTokenFile used to read bearer token. - type: string - externalLabels: - additionalProperties: - type: string - description: ExternalLabels are labels to add to any time - series when sending data to Loki. - type: object - oauth2: - description: Oauth2 for URL - properties: - clientId: - description: The secret or configmap containing the - OAuth2 client id - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: The secret containing the OAuth2 client - secret - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: Parameters to append to the token URL - type: object - scopes: - description: OAuth2 scopes used for the token request - items: - type: string - type: array - tokenUrl: - description: The URL to fetch the token from - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyUrl: - description: ProxyURL to proxy requests through. Optional. - type: string - tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. - type: string - timeout: - description: Maximum time to wait for a server to respond - to a request. - type: string - tlsConfig: - description: TLSConfig to use for the client. Only used - when the protocol of the URL is https. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing - client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: 'URL is the URL where Loki is listening. Must - be a full HTTP URL, including protocol. Required. Example: - https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' - type: string - required: - - url - type: object - type: array - enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value will always be the namespace of the object that is being - created. - type: string - ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, will ignore NamespaceSelector - settings from the PodLogs configs, and they will only discover - endpoints within their current namespace. - type: boolean - instanceNamespaceSelector: - description: InstanceNamespaceSelector are the set of labels to - determine which namespaces to watch for LogInstances. If not - provided, only checks own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - instanceSelector: - description: InstanceSelector determines which LogInstances should - be selected for running. Each instance runs its own set of Prometheus - components, including service discovery, scraping, and remote_write. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - logsExternalLabelName: - description: LogsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - External label will _not_ be added when value is set to the - empty string. - type: string - type: object - metrics: - description: Metrics controls the metrics subsystem of the Agent and - settings unique to metrics-specific pods that are deployed. - properties: - arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration - based on a ServiceMonitor can access arbitrary files on the - file system of the Grafana Agent container, e.g., bearer token - files. - properties: - deny: - type: boolean - type: object - enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value is always the namespace of the object that is being created. - type: string - enforcedSampleLimit: - description: EnforcedSampleLimit defines a global limit on the - number of scraped samples that are accepted. This overrides - any SampleLimit set per ServiceMonitor and/or PodMonitor. It - is meant to be used by admins to enforce the SampleLimit to - keep the overall number of samples and series under the desired - limit. Note that if a SampleLimit from a ServiceMonitor or PodMonitor - is lower, that value is used instead. - format: int64 - type: integer - enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the - number of scraped targets. This overrides any TargetLimit set - per ServiceMonitor and/or PodMonitor. It is meant to be used - by admins to enforce the TargetLimit to keep the overall number - of targets under the desired limit. Note that if a TargetLimit - from a ServiceMonitor or PodMonitor is higher, that value is - used instead. - format: int64 - type: integer - externalLabels: - additionalProperties: - type: string - description: ExternalLabels are labels to add to any time series - when sending data over remote_write. - type: object - ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, ignores NamespaceSelector - settings from the PodMonitor and ServiceMonitor configs, so - that they only discover endpoints within their current namespace. - type: boolean - instanceNamespaceSelector: - description: InstanceNamespaceSelector is the set of labels that - determines which namespaces to watch for MetricsInstances. If - not provided, it only checks its own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - instanceSelector: - description: InstanceSelector determines which MetricsInstances - should be selected for running. Each instance runs its own set - of Metrics components, including service discovery, scraping, - and remote_write. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - metricsExternalLabelName: - description: MetricsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - The external label is _not_ added when the value is set to the - empty string. - type: string - overrideHonorLabels: - description: OverrideHonorLabels, if true, overrides all configured - honor_labels read from ServiceMonitor or PodMonitor and sets - them to false. - type: boolean - overrideHonorTimestamps: - description: OverrideHonorTimestamps allows global enforcement - for honoring timestamps in all scrape configs. - type: boolean - remoteWrite: - description: RemoteWrite controls default remote_write settings - for all instances. If an instance does not provide its own RemoteWrite - settings, these will be used instead. - items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. - properties: - basicAuth: - description: BasicAuth for the URL. - properties: - password: - description: The secret in the service monitor namespace - that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: The secret in the service monitor namespace - that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerToken: - description: BearerToken used for remote_write. - type: string - bearerTokenFile: - description: BearerTokenFile used to read bearer token. - type: string - headers: - additionalProperties: - type: string - description: Headers is a set of custom HTTP headers to - be sent along with each remote_write request. Be aware - that any headers set by Grafana Agent itself can't be - overwritten. - type: object - metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. - properties: - send: - description: Send enables metric metadata to be sent - to remote storage. - type: boolean - sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. - type: string - type: object - name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging - in order to differentiate queues. - type: string - oauth2: - description: Oauth2 for URL - properties: - clientId: - description: The secret or configmap containing the - OAuth2 client id - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: The secret containing the OAuth2 client - secret - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: Parameters to append to the token URL - type: object - scopes: - description: OAuth2 scopes used for the token request - items: - type: string - type: array - tokenUrl: - description: The URL to fetch the token from - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyUrl: - description: ProxyURL to proxy requests through. Optional. - type: string - queueConfig: - description: QueueConfig allows tuning of the remote_write - queue parameters. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a - sample will wait in the buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times - to retry a batch on recoverable errors. - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number - of samples per send. - type: integer - maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. - MinBackoff is doubled for every retry. - type: string - minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. - type: integer - retryOnRateLimit: - description: RetryOnRateLimit retries requests when - encountering rate limits. - type: boolean - type: object - remoteTimeout: - description: RemoteTimeout is the timeout for requests to - the remote_write endpoint. - type: string - sigv4: - description: SigV4 configures SigV4-based authentication - to the remote_write endpoint. SigV4-based authentication - is used if SigV4 is defined, even with an empty object. - properties: - accessKey: - description: AccessKey holds the secret of the AWS API - access key to use for signing. If not provided, the - environment variable AWS_ACCESS_KEY_ID is used. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - profile: - description: Profile is the named AWS profile to use - for authentication. - type: string - region: - description: Region of the AWS endpoint. If blank, the - region from the default credentials chain is used. - type: string - roleARN: - description: RoleARN is the AWS Role ARN to use for - authentication, as an alternative for using the AWS - API keys. - type: string - secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - tlsConfig: - description: TLSConfig to use for remote_write. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing - client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to - relabel samples before they are sent to the remote_write - endpoint. - items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the - extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated - source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from - existing labels. Their content is concatenated using - the configured separator and matched against the - configured regular expression for the replace, keep, - and drop actions. - items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is - written in a replace action. It is mandatory for - replace actions. Regex capture groups are available. - type: string - type: object - type: array - required: - - url - type: object - type: array - replicaExternalLabelName: - description: ReplicaExternalLabelName is the name of the metrics - external label used to denote the replica name. Defaults to - __replica__. The external label is _not_ added when the value - is set to the empty string. - type: string - replicas: - description: Replicas of each shard to deploy for metrics pods. - Number of replicas multiplied by the number of shards is the - total number of pods created. - format: int32 - type: integer - scrapeInterval: - description: ScrapeInterval is the time between consecutive scrapes. - type: string - scrapeTimeout: - description: ScrapeTimeout is the time to wait for a target to - respond before marking a scrape as failed. - type: string - shards: - description: Shards to distribute targets onto. Number of replicas - multiplied by the number of shards is the total number of pods - created. Note that scaling down shards does not reshard data - onto remaining instances; it must be manually moved. Increasing - shards does not reshard data either, but it will continue to - be available from the same instances. Sharding is performed - on the content of the __address__ target meta-label. - format: int32 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector defines which nodes pods should be scheduling - on. - type: object - paused: - description: Paused prevents actions except for deletion to be performed - on the underlying managed objects. - type: boolean - podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to created Grafana Agent pods. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - type: object - portName: - description: Port name used for the pods and governing service. This - defaults to agent-metrics. - type: string - priorityClassName: - description: PriorityClassName is the priority class assigned to pods. - type: string - resources: - description: Resources holds requests and limits for individual pods. - properties: - claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - runtimeClassName: - description: RuntimeClassName is the runtime class assigned to pods. - type: string - secrets: - description: Secrets is a list of secrets in the same namespace as - the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The secrets are mounted into /var/lib/grafana-agent/extra-secrets/. - items: - type: string - type: array - securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. When unspecified, defaults to the default - PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use for running Grafana Agent pods. - type: string - storage: - description: Storage spec to specify how storage will be used. - properties: - disableMountSubPath: - description: '*Deprecated: subPath usage will be removed in a - future release.*' - type: boolean - emptyDir: - description: 'EmptyDirVolumeSource to be used by the StatefulSet. - If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: 'EphemeralVolumeSource to be used by the StatefulSet. - This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, - starting with k8s 1.19, it requires enabling the GenericEphemeralVolume - feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC will - be deleted together with the pod. The name of the PVC will - be `-` where `` is the - name from the `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated name is not valid - for a PVC (for example, too long). \n An existing PVC with - that name that is not owned by the pod will *not* be used - for the pod to avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the unrelated PVC - is removed. If such a pre-created PVC is meant to be used - by the pod, the PVC has to updated with an owner reference - to the pod once the pod exists. Normally this should not - be necessary, but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only and no changes - will be made by Kubernetes to the PVC after it has been - created. \n Required, must not be nil." - properties: - metadata: - description: May contain labels and annotations that will - be copied into the PVC when creating it. No other fields - are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - volumeClaimTemplate: - description: Defines the PVC spec to be used by the Prometheus - StatefulSets. The easiest way to use a volume that cannot be - automatically provisioned is to use a label selector alongside - manually created PersistentVolumes. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - type: object - spec: - description: 'Defines the desired characteristics of a volume - requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified - data source, it will create a new volume based on the - contents of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef contents - will be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, then - dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they - must have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, both - fields (dataSource and dataSourceRef) will be set to - the same value automatically if one of them is empty - and the other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the same - value and must be empty. There are three important differences - between dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource feature gate - to be enabled. (Alpha) Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but - must still be higher than capacity recorded in the status - field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes to - consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - type: object - status: - description: '*Deprecated: this field is never set.*' - properties: - accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - allocatedResourceStatuses: - additionalProperties: - description: When a controller receives persistentvolume - claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore - that update and let other controllers handle it. - type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n ClaimResourceStatus can be - in any of following states: - ControllerResizeInProgress: - State set when resize controller starts resizing the - volume in control-plane. - ControllerResizeFailed: State - set when resize has failed in resize controller with - a terminal error. - NodeResizePending: State set when - resize controller has finished resizing the volume but - further resizing of volume is needed on the node. - - NodeResizeInProgress: State set when kubelet starts - resizing the volume. - NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - this field can - be one of the following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is not set, it - means that no resize operation is in progress for the - given PVC. \n A controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose it was designed. - For example - a controller that only is responsible - for resizing capacity of the volume, should ignore PVC - updates that change other valid resources associated - with PVC. \n This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n Capacity reported here may - be larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. \n A controller that receives - PVC update with previously unknown resourceName should - ignore the update for the purpose it was designed. For - example - a controller that only is responsible for - resizing capacity of the volume, should ignore PVC updates - that change other valid resources associated with PVC. - \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time the - condition transitioned from one status to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: reason is a unique, this should be - a short, machine understandable string that gives - the reason for condition's last transition. If - it reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of PersistentVolumeClaim. - type: string - type: object - type: object - type: object - tolerations: - description: Tolerations, if specified, controls the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints, if specified, controls the - pod's topology spread constraints. - items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select - the pods over which spreading will be calculated. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are ANDed with labelSelector to select the - group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in - both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys that don't exist - in the incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. \n This is a - beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods - in an eligible domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. | - zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that satisfy - it. It''s a required field. Default value is 1 and 0 is not - allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation of - Skew is performed. And when the number of eligible domains - with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than 0. When value - is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector spread as - 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, new pod with - the same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread feature gate - to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. \n - If this value is nil, the behavior is equivalent to the Honor - policy. This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node - taints when calculating pod topology spread skew. Options - are: - Honor: nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. We define a domain as a particular instance of - a topology. Also, we define an eligible domain as a domain - whose nodes meet the requirements of nodeAffinityPolicy and - nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain of - that topology. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but - giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for an - incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. For - example, in a 3-zone cluster, MaxSkew is set to 1, and pods - with the same labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable is - set to DoNotSchedule, incoming pod can only be scheduled to - zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on - zone2(zone3) satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make it *more* - imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - version: - description: Version of Grafana Agent to be deployed. - type: string - volumeMounts: - description: VolumeMounts lets you configure additional VolumeMounts - on the output StatefulSet definition. Specified VolumeMounts are - appended to other VolumeMounts generated as a result of StorageSpec - objects in the Grafana Agent container. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. The volumes specified are appended - to other volumes that are generated as a result of StorageSpec objects. - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." - properties: - metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: group to map volume access to Default is no - group - type: string - readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: user to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - served: true - storage: true diff --git a/production/operator/crds/monitoring.grafana.com_integrations.yaml b/production/operator/crds/monitoring.grafana.com_integrations.yaml deleted file mode 100644 index e786166447fd..000000000000 --- a/production/operator/crds/monitoring.grafana.com_integrations.yaml +++ /dev/null @@ -1,1738 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: integrations.monitoring.grafana.com -spec: - group: monitoring.grafana.com - names: - categories: - - agent-operator - kind: Integration - listKind: IntegrationList - plural: integrations - singular: integration - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "Integration runs a single Grafana Agent integration. Integrations - that generate telemetry must be configured to send that telemetry somewhere, - such as autoscrape for exporter-based integrations. \n Integrations have - access to the LogsInstances and MetricsInstances in the same GrafanaAgent - resource set, referenced by the / of the Instance resource. - \n For example, if there is a default/production MetricsInstance, you can - configure a supported integration's autoscrape block with: \n autoscrape: - enable: true metrics_instance: default/production \n There is currently - no way for telemetry created by an Operator-managed integration to be collected - from outside of the integration itself." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specifies the desired behavior of the Integration. - properties: - config: - description: "The configuration for the named integration. Note that - Integrations are deployed with the integrations-next feature flag, - which has different common settings: \n https://grafana.com/docs/agent/latest/configuration/integrations/integrations-next/" - type: object - x-kubernetes-preserve-unknown-fields: true - configMaps: - description: "An extra list of keys from ConfigMaps in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n ConfigMaps are mounted at /etc/grafana-agent/integrations/configMaps///." - items: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - name: - description: Name of the integration to run (e.g., "node_exporter", - "mysqld_exporter"). - type: string - secrets: - description: "An extra list of keys from Secrets in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets///." - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - type: - description: Type informs Grafana Agent Operator about how to manage - the integration being configured. - properties: - allNodes: - description: When true, the configured integration should be run - on every Node in the cluster. This is required for Integrations - that generate Node-specific metrics like node_exporter, otherwise - it must be false to avoid generating duplicate metrics. - type: boolean - unique: - description: Whether this integration can only be defined once - for a Grafana Agent process, such as statsd_exporter. It is - invalid for a GrafanaAgent to discover multiple unique Integrations - with the same Integration name (i.e., a single GrafanaAgent - cannot deploy two statsd_exporters). - type: boolean - type: object - volumeMounts: - description: "An extra list of VolumeMounts to be associated with - the Grafana Agent pods running this integration. VolumeMount names - are mutated to be unique across all used IntegrationSpecs. \n Mount - paths should include the namespace/name of the Integration CR to - avoid potentially colliding with other resources." - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: "An extra list of Volumes to be associated with the Grafana - Agent pods running this integration. Volume names are mutated to - be unique across all Integrations. Note that the specified volumes - should be able to tolerate existing on multiple pods at once when - type is daemonset. \n Don't use volumes for loading Secrets or ConfigMaps - from the same namespace as the Integration; use the Secrets and - ConfigMaps fields instead." - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." - properties: - metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: group to map volume access to Default is no - group - type: string - readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: user to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - config - - name - - type - type: object - type: object - served: true - storage: true diff --git a/production/operator/crds/monitoring.grafana.com_logsinstances.yaml b/production/operator/crds/monitoring.grafana.com_logsinstances.yaml deleted file mode 100644 index f36440ab0cd0..000000000000 --- a/production/operator/crds/monitoring.grafana.com_logsinstances.yaml +++ /dev/null @@ -1,500 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: logsinstances.monitoring.grafana.com -spec: - group: monitoring.grafana.com - names: - categories: - - agent-operator - kind: LogsInstance - listKind: LogsInstanceList - plural: logsinstances - singular: logsinstance - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: LogsInstance controls an individual logs instance within a Grafana - Agent deployment. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the specification of the desired behavior for - the logs instance. - properties: - additionalScrapeConfigs: - description: "AdditionalScrapeConfigs allows specifying a key of a - Secret containing additional Grafana Agent logging scrape configurations. - Scrape configurations specified are appended to the configurations - generated by the Grafana Agent Operator. \n Job configurations specified - must have the form as specified in the official Promtail documentation: - \n https://grafana.com/docs/loki/latest/clients/promtail/configuration/#scrape_configs - \n As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Grafana Agent. It is advised to review both - Grafana Agent and Promtail release notes to ensure that no incompatible - scrape configs are going to break Grafana Agent after the upgrade." - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - clients: - description: Clients controls where logs are written to for this instance. - items: - description: LogsClientSpec defines the client integration for logs, - indicating which Loki server to send logs to. - properties: - backoffConfig: - description: Configures how to retry requests to Loki when a - request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. - properties: - maxPeriod: - description: Maximum backoff time between retries. - type: string - maxRetries: - description: Maximum number of retries to perform before - giving up a request. - type: integer - minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. - type: string - type: object - basicAuth: - description: BasicAuth for the Loki server. - properties: - password: - description: The secret in the service monitor namespace - that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: The secret in the service monitor namespace - that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. - type: integer - batchWait: - description: Maximum amount of time to wait before sending a - batch, even if that batch isn't full. - type: string - bearerToken: - description: BearerToken used for remote_write. - type: string - bearerTokenFile: - description: BearerTokenFile used to read bearer token. - type: string - externalLabels: - additionalProperties: - type: string - description: ExternalLabels are labels to add to any time series - when sending data to Loki. - type: object - oauth2: - description: Oauth2 for URL - properties: - clientId: - description: The secret or configmap containing the OAuth2 - client id - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: The secret containing the OAuth2 client secret - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: Parameters to append to the token URL - type: object - scopes: - description: OAuth2 scopes used for the token request - items: - type: string - type: array - tokenUrl: - description: The URL to fetch the token from - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyUrl: - description: ProxyURL to proxy requests through. Optional. - type: string - tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. - type: string - timeout: - description: Maximum time to wait for a server to respond to - a request. - type: string - tlsConfig: - description: TLSConfig to use for the client. Only used when - the protocol of the URL is https. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: 'URL is the URL where Loki is listening. Must be - a full HTTP URL, including protocol. Required. Example: https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' - type: string - required: - - url - type: object - type: array - podLogsNamespaceSelector: - description: Set of labels to determine which namespaces should be - watched for PodLogs. If not provided, checks only namespace of the - instance. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podLogsSelector: - description: Determines which PodLogs should be selected for including - in this instance. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - targetConfig: - description: Configures how tailed targets are watched. - properties: - syncPeriod: - description: Period to resync directories being watched and files - being tailed to discover new ones or stop watching removed ones. - type: string - type: object - type: object - type: object - served: true - storage: true diff --git a/production/operator/crds/monitoring.grafana.com_metricsinstances.yaml b/production/operator/crds/monitoring.grafana.com_metricsinstances.yaml deleted file mode 100644 index 015c0339ce1a..000000000000 --- a/production/operator/crds/monitoring.grafana.com_metricsinstances.yaml +++ /dev/null @@ -1,861 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: metricsinstances.monitoring.grafana.com -spec: - group: monitoring.grafana.com - names: - categories: - - agent-operator - kind: MetricsInstance - listKind: MetricsInstanceList - plural: metricsinstances - singular: metricsinstance - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: MetricsInstance controls an individual Metrics instance within - a Grafana Agent deployment. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the specification of the desired behavior for - the Metrics instance. - properties: - additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs lets you specify a key of a - Secret containing additional Grafana Agent Prometheus scrape configurations. - The specified scrape configurations are appended to the configurations - generated by Grafana Agent Operator. Specified job configurations - must have the form specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, you must make sure the configuration - is still valid. Note that it''s possible that this feature will - break future upgrades of Grafana Agent. Review both Grafana Agent - and Prometheus release notes to ensure that no incompatible scrape - configs will break Grafana Agent after the upgrade.' - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxWALTime: - description: MaxWALTime is the maximum amount of time that series - and samples can exist in the WAL before being forcibly deleted. - type: string - minWALTime: - description: MinWALTime is the minimum amount of time that series - and samples can exist in the WAL before being considered for deletion. - type: string - podMonitorNamespaceSelector: - description: PodMonitorNamespaceSelector are the set of labels to - determine which namespaces to watch for PodMonitor discovery. If - nil, it only checks its own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podMonitorSelector: - description: PodMonitorSelector determines which PodMonitors to selected - for target discovery. Experimental. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - probeNamespaceSelector: - description: ProbeNamespaceSelector is the set of labels that determines - which namespaces to watch for Probe discovery. If nil, it only checks - own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - probeSelector: - description: ProbeSelector determines which Probes to select for target - discovery. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - remoteFlushDeadline: - description: RemoteFlushDeadline is the deadline for flushing data - when an instance shuts down. - type: string - remoteWrite: - description: RemoteWrite controls remote_write settings for this instance. - items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. - properties: - basicAuth: - description: BasicAuth for the URL. - properties: - password: - description: The secret in the service monitor namespace - that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: The secret in the service monitor namespace - that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerToken: - description: BearerToken used for remote_write. - type: string - bearerTokenFile: - description: BearerTokenFile used to read bearer token. - type: string - headers: - additionalProperties: - type: string - description: Headers is a set of custom HTTP headers to be sent - along with each remote_write request. Be aware that any headers - set by Grafana Agent itself can't be overwritten. - type: object - metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. - properties: - send: - description: Send enables metric metadata to be sent to - remote storage. - type: boolean - sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. - type: string - type: object - name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging in order - to differentiate queues. - type: string - oauth2: - description: Oauth2 for URL - properties: - clientId: - description: The secret or configmap containing the OAuth2 - client id - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: The secret containing the OAuth2 client secret - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: Parameters to append to the token URL - type: object - scopes: - description: OAuth2 scopes used for the token request - items: - type: string - type: array - tokenUrl: - description: The URL to fetch the token from - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyUrl: - description: ProxyURL to proxy requests through. Optional. - type: string - queueConfig: - description: QueueConfig allows tuning of the remote_write queue - parameters. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in the buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of - samples per send. - type: integer - maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. MinBackoff - is doubled for every retry. - type: string - minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. - type: integer - retryOnRateLimit: - description: RetryOnRateLimit retries requests when encountering - rate limits. - type: boolean - type: object - remoteTimeout: - description: RemoteTimeout is the timeout for requests to the - remote_write endpoint. - type: string - sigv4: - description: SigV4 configures SigV4-based authentication to - the remote_write endpoint. SigV4-based authentication is used - if SigV4 is defined, even with an empty object. - properties: - accessKey: - description: AccessKey holds the secret of the AWS API access - key to use for signing. If not provided, the environment - variable AWS_ACCESS_KEY_ID is used. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - profile: - description: Profile is the named AWS profile to use for - authentication. - type: string - region: - description: Region of the AWS endpoint. If blank, the region - from the default credentials chain is used. - type: string - roleARN: - description: RoleARN is the AWS Role ARN to use for authentication, - as an alternative for using the AWS API keys. - type: string - secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - tlsConfig: - description: TLSConfig to use for remote_write. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to relabel - samples before they are sent to the remote_write endpoint. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - required: - - url - type: object - type: array - serviceMonitorNamespaceSelector: - description: ServiceMonitorNamespaceSelector is the set of labels - that determine which namespaces to watch for ServiceMonitor discovery. - If nil, it only checks its own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - serviceMonitorSelector: - description: ServiceMonitorSelector determines which ServiceMonitors - to select for target discovery. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - walTruncateFrequency: - description: WALTruncateFrequency specifies how frequently to run - the WAL truncation process. Higher values cause the WAL to increase - and for old series to stay in the WAL longer, but reduces the chance - of data loss when remote_write fails for longer than the given frequency. - type: string - writeStaleOnShutdown: - description: WriteStaleOnShutdown writes staleness markers on shutdown - for all series. - type: boolean - type: object - type: object - served: true - storage: true diff --git a/production/operator/crds/monitoring.grafana.com_podlogs.yaml b/production/operator/crds/monitoring.grafana.com_podlogs.yaml deleted file mode 100644 index ff6531f61e88..000000000000 --- a/production/operator/crds/monitoring.grafana.com_podlogs.yaml +++ /dev/null @@ -1,588 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: podlogs.monitoring.grafana.com -spec: - group: monitoring.grafana.com - names: - categories: - - agent-operator - kind: PodLogs - listKind: PodLogsList - plural: podlogs - singular: podlogs - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: PodLogs defines how to collect logs for a pod. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds the specification of the desired behavior for - the PodLogs. - properties: - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: Selector to select which namespaces the Pod objects are - discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names to select from. - items: - type: string - type: array - type: object - pipelineStages: - description: Pipeline stages for this pod. Pipeline stages support - transforming and filtering log lines. - items: - description: "PipelineStageSpec defines an individual pipeline stage. - Each stage type is mutually exclusive and no more than one may - be set per stage. \n More information on pipelines can be found - in the Promtail documentation: https://grafana.com/docs/loki/latest/clients/promtail/pipelines/" - properties: - cri: - description: 'CRI is a parsing stage that reads log lines using - the standard CRI logging format. Supply cri: {} to enable.' - type: object - docker: - description: 'Docker is a parsing stage that reads log lines - using the standard Docker logging format. Supply docker: {} - to enable.' - type: object - drop: - description: Drop is a filtering stage that lets you drop certain - logs. - properties: - dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "drop_stage". - type: string - expression: - description: "RE2 regular expression. \n If source is provided, - the regex attempts to match the source. \n If no source - is provided, then the regex attempts to attach the log - line. \n If the provided regex matches the log line or - a provided source, the line is dropped." - type: string - longerThan: - description: LongerThan will drop a log line if it its content - is longer than this value (in bytes). Can be expressed - as an integer (8192) or a number with a suffix (8kb). - type: string - olderThan: - description: OlderThan will be parsed as a Go duration. - If the log line's timestamp is older than the current - time minus the provided duration, it will be dropped. - type: string - source: - description: Name from the extract data to parse. If empty, - uses the log message. - type: string - value: - description: "Value can only be specified when source is - specified. If the value provided is an exact match for - the given source then the line will be dropped. \n Mutually - exclusive with expression." - type: string - type: object - json: - description: "JSON is a parsing stage that reads the log line - as JSON and accepts JMESPath expressions to extract data. - \n Information on JMESPath: http://jmespath.org/" - properties: - expressions: - additionalProperties: - type: string - description: "Set of the key/value pairs of JMESPath expressions. - The key will be the key in the extracted data while the - expression will be the value, evaluated as a JMESPath - from the source data. \n Literal JMESPath expressions - can be used by wrapping a key in double quotes, which - then must be wrapped again in single quotes in YAML so - they get passed to the JMESPath parser." - type: object - source: - description: Name from the extracted data to parse as JSON. - If empty, uses entire log message. - type: string - type: object - labelAllow: - description: LabelAllow is an action stage that only allows - the provided labels to be included in the label set that is - sent to Loki with the log entry. - items: - type: string - type: array - labelDrop: - description: LabelDrop is an action stage that drops labels - from the label set that is sent to Loki with the log entry. - items: - type: string - type: array - labels: - additionalProperties: - type: string - description: "Labels is an action stage that takes data from - the extracted map and modifies the label set that is sent - to Loki with the log entry. \n The key is REQUIRED and represents - the name for the label that will be created. Value is optional - and will be the name from extracted data to use for the value - of the label. If the value is not provided, it defaults to - match the key." - type: object - limit: - description: Limit is a rate-limiting stage that throttles logs - based on several options. - properties: - burst: - description: The cap in the quantity of burst lines that - Promtail will push to Loki. - type: integer - drop: - description: "When drop is true, log lines that exceed the - current rate limit are discarded. When drop is false, - log lines that exceed the current rate limit wait to enter - the back pressure mode. \n Defaults to false." - type: boolean - rate: - description: The rate limit in lines per second that Promtail - will push to Loki. - type: integer - type: object - match: - description: Match is a filtering stage that conditionally applies - a set of stages or drop entries when a log entry matches a - configurable LogQL stream selector and filter expressions. - properties: - action: - description: Determines what action is taken when the selector - matches the log line. Can be keep or drop. Defaults to - keep. When set to drop, entries are dropped and no later - metrics are recorded. Stages must be empty when dropping - metrics. - type: string - dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "match_stage." - type: string - pipelineName: - description: Names the pipeline. When defined, creates an - additional label in the pipeline_duration_seconds histogram, - where the value is concatenated with job_name using an - underscore. - type: string - selector: - description: LogQL stream selector and filter expressions. - Required. - type: string - stages: - description: "Nested set of pipeline stages to execute when - action is keep and the log line matches selector. \n An - example value for stages may be: \n stages: | - json: - {} - labelAllow: [foo, bar] \n Note that stages is a string - because SIG API Machinery does not support recursive types, - and so it cannot be validated for correctness. Be careful - not to mistype anything." - type: string - required: - - selector - type: object - metrics: - additionalProperties: - description: MetricsStageSpec is an action stage that allows - for defining and updating metrics based on data from the - extracted map. Created metrics are not pushed to Loki or - Prometheus and are instead exposed via the /metrics endpoint - of the Grafana Agent pod. The Grafana Agent Operator should - be configured with a MetricsInstance that discovers the - logging DaemonSet to collect metrics created by this stage. - properties: - action: - description: "The action to take against the metric. Required. - \n Must be either \"inc\" or \"add\" for type: counter - or type: histogram. When type: gauge, must be one of - \"set\", \"inc\", \"dec\", \"add\", or \"sub\". \n \"add\", - \"set\", or \"sub\" requires the extracted value to - be convertible to a positive float." - type: string - buckets: - description: 'Buckets to create. Bucket values must be - convertible to float64s. Extremely large or small numbers - are subject to some loss of precision. Only valid for - type: histogram.' - items: - type: string - type: array - countEntryBytes: - description: "If true all log line bytes are counted. - Can only be set with matchAll: true and action: add. - \n Only valid for type: counter." - type: boolean - description: - description: Sets the description for the created metric. - type: string - matchAll: - description: "If true, all log lines are counted without - attempting to match the source to the extracted map. - Mutually exclusive with value. \n Only valid for type: - counter." - type: boolean - maxIdleDuration: - description: "Label values on metrics are dynamic which - can cause exported metrics to go stale. To prevent unbounded - cardinality, any metrics not updated within MaxIdleDuration - are removed. \n Must be greater or equal to 1s. Defaults - to 5m." - type: string - prefix: - description: Sets the custom prefix name for the metric. - Defaults to "promtail_custom_". - type: string - source: - description: Key from the extracted data map to use for - the metric. Defaults to the metrics name if not present. - type: string - type: - description: The metric type to create. Must be one of - counter, gauge, histogram. Required. - type: string - value: - description: Filters down source data and only changes - the metric if the targeted value matches the provided - string exactly. If not present, all data matches. - type: string - required: - - action - - type - type: object - description: Metrics is an action stage that supports defining - and updating metrics based on data from the extracted map. - Created metrics are not pushed to Loki or Prometheus and are - instead exposed via the /metrics endpoint of the Grafana Agent - pod. The Grafana Agent Operator should be configured with - a MetricsInstance that discovers the logging DaemonSet to - collect metrics created by this stage. - type: object - multiline: - description: Multiline stage merges multiple lines into a multiline - block before passing it on to the next stage in the pipeline. - properties: - firstLine: - description: RE2 regular expression. Creates a new multiline - block when matched. Required. - type: string - maxLines: - description: Maximum number of lines a block can have. A - new block is started if the number of lines surpasses - this value. Defaults to 128. - type: integer - maxWaitTime: - description: Maximum time to wait before passing on the - multiline block to the next stage if no new lines are - received. Defaults to 3s. - type: string - required: - - firstLine - type: object - output: - description: Output stage is an action stage that takes data - from the extracted map and changes the log line that will - be sent to Loki. - properties: - source: - description: Name from extract data to use for the log entry. - Required. - type: string - required: - - source - type: object - pack: - description: Pack is a transform stage that lets you embed extracted - values and labels into the log line by packing the log line - and labels inside of a JSON object. - properties: - ingestTimestamp: - description: If the resulting log line should use any existing - timestamp or use time.Now() when the line was created. - Set to true when combining several log streams from different - containers to avoid out of order errors. - type: boolean - labels: - description: Name from extracted data or line labels. Required. - Labels provided here are automatically removed from output - labels. - items: - type: string - type: array - required: - - labels - type: object - regex: - description: Regex is a parsing stage that parses a log line - using a regular expression. Named capture groups in the regex - allows for adding data into the extracted map. - properties: - expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. - type: string - source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. - type: string - required: - - expression - type: object - replace: - description: Replace is a parsing stage that parses a log line - using a regular expression and replaces the log line. Named - capture groups in the regex allows for adding data into the - extracted map. - properties: - expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. - type: string - replace: - description: Value to replace the captured group with. - type: string - source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. - type: string - required: - - expression - type: object - template: - description: Template is a transform stage that manipulates - the values in the extracted map using Go's template syntax. - properties: - source: - description: Name from extracted data to parse. Required. - If empty, defaults to using the log message. - type: string - template: - description: Go template string to use. Required. In addition - to normal template functions, ToLower, ToUpper, Replace, - Trim, TrimLeft, TrimRight, TrimPrefix, and TrimSpace are - also available. - type: string - required: - - source - - template - type: object - tenant: - description: Tenant is an action stage that sets the tenant - ID for the log entry picking it from a field in the extracted - data map. If the field is missing, the default LogsClientSpec.tenantId - will be used. - properties: - label: - description: Name from labels whose value should be set - as tenant ID. Mutually exclusive with source and value. - type: string - source: - description: Name from extracted data to use as the tenant - ID. Mutually exclusive with label and value. - type: string - value: - description: Value to use for the template ID. Useful when - this stage is used within a conditional pipeline such - as match. Mutually exclusive with label and source. - type: string - type: object - timestamp: - description: Timestamp is an action stage that can change the - timestamp of a log line before it is sent to Loki. If not - present, the timestamp of a log line defaults to the time - when the log line was read. - properties: - actionOnFailure: - description: Action to take when the timestamp can't be - extracted or parsed. Can be skip or fudge. Defaults to - fudge. - type: string - fallbackFormats: - description: Fallback formats to try if format fails. - items: - type: string - type: array - format: - description: 'Determines format of the time string. Required. - Can be one of: ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, - RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Unix, - UnixMs, UnixUs, UnixNs.' - type: string - location: - description: IANA Timezone Database string. - type: string - source: - description: Name from extracted data to use as the timestamp. - Required. - type: string - required: - - format - - source - type: object - type: object - type: array - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. - items: - type: string - type: array - relabelings: - description: "RelabelConfigs to apply to logs before delivering. Grafana - Agent Operator automatically adds relabelings for a few standard - Kubernetes fields and replaces original scrape job name with __tmp_logs_job_name. - \n More info: https://grafana.com/docs/loki/latest/clients/promtail/configuration/#relabel_configs" - items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label - values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. - type: string - type: object - type: array - selector: - description: Selector to select Pod objects. Required. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - selector - type: object - type: object - served: true - storage: true diff --git a/production/operator/templates/agent-operator.yaml b/production/operator/templates/agent-operator.yaml deleted file mode 100644 index 442bab4fa353..000000000000 --- a/production/operator/templates/agent-operator.yaml +++ /dev/null @@ -1,645 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: grafana-agent - namespace: ${NAMESPACE} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: grafana-agent-operator - namespace: ${NAMESPACE} ---- -apiVersion: v1 -automountServiceAccountToken: false -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: exporter - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: 2.5.0 - name: kube-state-metrics - namespace: ${NAMESPACE} ---- -apiVersion: v1 -data: {} -kind: Secret -metadata: - name: logs-secret - namespace: ${NAMESPACE} -stringData: - password: ${LOGS_KEY} - username: ${LOGS_USER} -type: Opaque ---- -apiVersion: v1 -data: {} -kind: Secret -metadata: - name: metrics-secret - namespace: ${NAMESPACE} -stringData: - password: ${METRICS_KEY} - username: ${METRICS_USER} -type: Opaque ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: agent-eventhandler - namespace: ${NAMESPACE} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: grafana-agent -rules: -- apiGroups: - - "" - resources: - - nodes - - nodes/proxy - - nodes/metrics - - services - - endpoints - - pods - - events - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- nonResourceURLs: - - /metrics - - /metrics/cadvisor - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: grafana-agent-operator -rules: -- apiGroups: - - monitoring.grafana.com - resources: - - grafanaagents - - metricsinstances - - logsinstances - - podlogs - - integrations - verbs: - - get - - list - - watch -- apiGroups: - - monitoring.grafana.com - resources: - - grafanaagents/finalizers - - metricsinstances/finalizers - - logsinstances/finalizers - - podlogs/finalizers - - integrations/finalizers - verbs: - - get - - list - - watch - - update -- apiGroups: - - monitoring.coreos.com - resources: - - podmonitors - - probes - - servicemonitors - verbs: - - get - - list - - watch -- apiGroups: - - monitoring.coreos.com - resources: - - podmonitors/finalizers - - probes/finalizers - - servicemonitors/finalizers - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - namespaces - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - - services - - configmaps - - endpoints - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - apps - resources: - - statefulsets - - daemonsets - - deployments - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: exporter - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: 2.5.0 - name: kube-state-metrics -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - - nodes - - pods - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - verbs: - - list - - watch -- apiGroups: - - apps - resources: - - statefulsets - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - list - - watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - list - - watch -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingresses - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: grafana-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: grafana-agent -subjects: -- kind: ServiceAccount - name: grafana-agent - namespace: ${NAMESPACE} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: grafana-agent-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: grafana-agent-operator -subjects: -- kind: ServiceAccount - name: grafana-agent-operator - namespace: ${NAMESPACE} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: exporter - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: 2.5.0 - name: kube-state-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kube-state-metrics -subjects: -- kind: ServiceAccount - name: kube-state-metrics - namespace: ${NAMESPACE} ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: exporter - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: 2.5.0 - name: kube-state-metrics - namespace: ${NAMESPACE} -spec: - clusterIP: None - ports: - - name: http-metrics - port: 8080 - targetPort: http-metrics - - name: telemetry - port: 8081 - targetPort: telemetry - selector: - app.kubernetes.io/name: kube-state-metrics ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grafana-agent-operator - namespace: ${NAMESPACE} -spec: - minReadySeconds: 10 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - name: grafana-agent-operator - template: - metadata: - labels: - name: grafana-agent-operator - spec: - containers: - - args: - - --kubelet-service=default/kubelet - image: grafana/agent-operator:v0.39.0 - imagePullPolicy: IfNotPresent - name: grafana-agent-operator - serviceAccount: grafana-agent-operator ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: exporter - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: 2.5.0 - name: kube-state-metrics - namespace: ${NAMESPACE} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: kube-state-metrics - template: - metadata: - labels: - app.kubernetes.io/component: exporter - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: 2.5.0 - spec: - automountServiceAccountToken: true - containers: - - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.5.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsUser: 65534 - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: kube-state-metrics ---- -apiVersion: monitoring.grafana.com/v1alpha1 -kind: GrafanaAgent -metadata: - name: grafana-agent - namespace: ${NAMESPACE} -spec: - image: grafana/agent:v0.39.0 - integrations: - selector: - matchLabels: - agent: grafana-agent - logs: - instanceSelector: - matchLabels: - agent: grafana-agent - metrics: - externalLabels: - cluster: ${CLUSTER} - instanceSelector: - matchLabels: - agent: grafana-agent - serviceAccountName: grafana-agent ---- -apiVersion: monitoring.grafana.com/v1alpha1 -kind: Integration -metadata: - labels: - agent: grafana-agent - name: agent-eventhandler - namespace: ${NAMESPACE} -spec: - config: - cache_path: /etc/eventhandler/eventhandler.cache - logs_instance: ${NAMESPACE}/grafana-agent-logs - name: eventhandler - type: - unique: true - volumeMounts: - - mountPath: /etc/eventhandler - name: agent-eventhandler - volumes: - - name: agent-eventhandler - persistentVolumeClaim: - claimName: agent-eventhandler ---- -apiVersion: monitoring.grafana.com/v1alpha1 -kind: LogsInstance -metadata: - labels: - agent: grafana-agent - name: grafana-agent-logs - namespace: ${NAMESPACE} -spec: - clients: - - basicAuth: - password: - key: password - name: logs-secret - username: - key: username - name: logs-secret - externalLabels: - cluster: ${CLUSTER} - url: ${LOGS_URL} - podLogsNamespaceSelector: {} - podLogsSelector: - matchLabels: - instance: primary ---- -apiVersion: monitoring.grafana.com/v1alpha1 -kind: MetricsInstance -metadata: - labels: - agent: grafana-agent - name: grafana-agent-metrics - namespace: ${NAMESPACE} -spec: - remoteWrite: - - basicAuth: - password: - key: password - name: metrics-secret - username: - key: username - name: metrics-secret - url: ${METRICS_URL} - serviceMonitorNamespaceSelector: {} - serviceMonitorSelector: - matchLabels: - instance: primary ---- -apiVersion: monitoring.grafana.com/v1alpha1 -kind: PodLogs -metadata: - labels: - instance: primary - name: kubernetes-logs - namespace: ${NAMESPACE} -spec: - namespaceSelector: - any: true - pipelineStages: - - cri: {} - relabelings: - - sourceLabels: - - __meta_kubernetes_pod_node_name - targetLabel: __host__ - - action: replace - sourceLabels: - - __meta_kubernetes_namespace - targetLabel: namespace - - action: replace - sourceLabels: - - __meta_kubernetes_pod_name - targetLabel: pod - - action: replace - sourceLabels: - - __meta_kubernetes_pod_container_name - targetLabel: container - - replacement: /var/log/pods/*$1/*.log - separator: / - sourceLabels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - targetLabel: __path__ - selector: - matchLabels: {} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - instance: primary - name: cadvisor-monitor - namespace: ${NAMESPACE} -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - interval: 60s - path: /metrics/cadvisor - port: https-metrics - relabelings: - - sourceLabels: - - __metrics_path__ - targetLabel: metrics_path - - action: replace - replacement: cadvisor - targetLabel: job - scheme: https - tlsConfig: - insecureSkipVerify: true - namespaceSelector: - matchNames: - - default - selector: - matchLabels: - app.kubernetes.io/name: kubelet ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - instance: primary - name: ksm-monitor - namespace: ${NAMESPACE} -spec: - endpoints: - - honorLabels: true - interval: 60s - path: /metrics - port: http-metrics - relabelings: - - action: replace - replacement: kube-state-metrics - targetLabel: job - namespaceSelector: - matchNames: - - ${NAMESPACE} - selector: - matchLabels: - app.kubernetes.io/name: kube-state-metrics ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - instance: primary - name: kubelet-monitor - namespace: ${NAMESPACE} -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - interval: 60s - path: /metrics - port: https-metrics - relabelings: - - sourceLabels: - - __metrics_path__ - targetLabel: metrics_path - - action: replace - replacement: kubelet - targetLabel: job - scheme: https - tlsConfig: - insecureSkipVerify: true - namespaceSelector: - matchNames: - - default - selector: - matchLabels: - app.kubernetes.io/name: kubelet diff --git a/production/tanka/grafana-agent-operator/jsonnetfile.json b/production/tanka/grafana-agent-operator/jsonnetfile.json deleted file mode 100644 index bb15a4133cc2..000000000000 --- a/production/tanka/grafana-agent-operator/jsonnetfile.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "dependencies": [ - { - "name": "ksonnet-util", - "source": { - "git": { - "remote": "https://github.com/grafana/jsonnet-libs", - "subdir": "ksonnet-util" - } - }, - "version": "master" - }, - { - "name": "agent-operator-gen", - "source": { - "git": { - "remote": "https://github.com/jsonnet-libs/grafana-agent-libsonnet.git", - "subdir": "0.26" - } - }, - "version": "main" - }, - { - "name": "prom-operator-gen", - "source": { - "git": { - "remote": "https://github.com/jsonnet-libs/prometheus-operator-libsonnet.git", - "subdir": "0.57" - } - }, - "version": "main" - } - ] -} diff --git a/production/tanka/grafana-agent-operator/operator.libsonnet b/production/tanka/grafana-agent-operator/operator.libsonnet deleted file mode 100644 index 71c2fb8264c9..000000000000 --- a/production/tanka/grafana-agent-operator/operator.libsonnet +++ /dev/null @@ -1,60 +0,0 @@ -{ - new(name='grafana-agent-operator', namespace='', image='grafana/agent-operator:v0.26.0-rc.0', serviceAccount=''):: { - local k = (import 'ksonnet-util/kausal.libsonnet'), - - local container = k.core.v1.container, - local deployment = k.apps.v1.deployment, - - local this = self, - - container:: - container.new(name, image) + - container.withArgsMixin(k.util.mapToFlags({'-kubelet-service': 'default/kubelet'})), - - controller: - deployment.new(name, 1, [this.container]) + - deployment.mixin.metadata.withNamespace(namespace) + - deployment.mixin.spec.template.spec.withServiceAccount(name), - - }, - - withRbac(name, namespace):: { - local k = (import 'ksonnet-util/kausal.libsonnet') { _config+:: { namespace: namespace } }, - local policyRule = k.rbac.v1.policyRule, - local serviceAccount = k.core.v1.serviceAccount, - - rbac: - k.util.rbac(name, [ - policyRule.withApiGroups(['monitoring.grafana.com']) + - policyRule.withResources(['grafanaagents', 'metricsinstances', 'logsinstances', 'podlogs', 'integrations']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - policyRule.withApiGroups(['monitoring.grafana.com']) + - policyRule.withResources(['grafanaagents/finalizers', 'metricsinstances/finalizers', 'logsinstances/finalizers', 'podlogs/finalizers', 'integrations/finalizers']) + - policyRule.withVerbs(['get', 'list', 'watch', 'update']), - - policyRule.withApiGroups(['monitoring.coreos.com']) + - policyRule.withResources(['podmonitors', 'probes', 'servicemonitors']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - policyRule.withApiGroups(['monitoring.coreos.com']) + - policyRule.withResources(['podmonitors/finalizers', 'probes/finalizers', 'servicemonitors/finalizers']) + - policyRule.withVerbs(['get', 'list', 'watch', 'update']), - - policyRule.withApiGroups(['']) + - policyRule.withResources(['namespaces', 'nodes']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - policyRule.withApiGroups(['']) + - policyRule.withResources(['secrets', 'services', 'configmaps', 'endpoints']) + - policyRule.withVerbs(['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']), - - policyRule.withApiGroups(['apps']) + - policyRule.withResources(['statefulsets', 'daemonsets', 'deployments']) + - policyRule.withVerbs(['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']), - - ]) { - service_account+: serviceAccount.mixin.metadata.withNamespace(namespace), - }, - } -} diff --git a/production/tanka/grafana-agent-operator/util/grafana-agent.libsonnet b/production/tanka/grafana-agent-operator/util/grafana-agent.libsonnet deleted file mode 100644 index d5edf3ac7bd5..000000000000 --- a/production/tanka/grafana-agent-operator/util/grafana-agent.libsonnet +++ /dev/null @@ -1,23 +0,0 @@ -{ - withRbac(name, namespace):: { - local k = (import 'ksonnet-util/kausal.libsonnet') + { _config+:: { namespace: namespace } }, - local policyRule = k.rbac.v1.policyRule, - local serviceAccount = k.core.v1.serviceAccount, - - rbac: - k.util.rbac(name, [ - policyRule.withApiGroups(['']) + - policyRule.withResources(['nodes', 'nodes/proxy', 'nodes/metrics', 'services', 'endpoints', 'pods', 'events']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - policyRule.withApiGroups(['networking.k8s.io']) + - policyRule.withResources(['ingresses']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - policyRule.withNonResourceURLs(['/metrics', '/metrics/cadvisor']) + - policyRule.withVerbs(['get']), - ]) { - service_account+: serviceAccount.mixin.metadata.withNamespace(namespace), - }, - } -} diff --git a/production/tanka/grafana-agent-operator/util/integrations.libsonnet b/production/tanka/grafana-agent-operator/util/integrations.libsonnet deleted file mode 100644 index 04161e8a29ec..000000000000 --- a/production/tanka/grafana-agent-operator/util/integrations.libsonnet +++ /dev/null @@ -1,17 +0,0 @@ -local gen = import 'agent-operator-gen/main.libsonnet'; -local int = gen.monitoring.v1alpha1.integration; - -{ - withPVC(name):: { - spec+: { - volumeMounts: [ - int.spec.volumeMounts.withName(name) + - int.spec.volumeMounts.withMountPath('/etc/eventhandler') - ], - volumes: [ - int.spec.volumes.withName(name) + - int.spec.volumes.persistentVolumeClaim.withClaimName(name) - ] - } - } -} diff --git a/production/tanka/grafana-agent-operator/util/k8slogs.libsonnet b/production/tanka/grafana-agent-operator/util/k8slogs.libsonnet deleted file mode 100644 index 93d4b9e2104c..000000000000 --- a/production/tanka/grafana-agent-operator/util/k8slogs.libsonnet +++ /dev/null @@ -1,33 +0,0 @@ -local gen = import 'agent-operator-gen/main.libsonnet'; -local pl = gen.monitoring.v1alpha1.podLogs; -local r = pl.spec.relabelings; - -{ - withK8sLogsRelabeling():: [ - r.withSourceLabels(['__meta_kubernetes_pod_node_name']) + - r.withTargetLabel('__host__'), - - // r.withAction('replace') + - // r.withReplacement('$1') + - // r.withSeparator('/') + - // r.withSourceLabels(['__meta_kubernetes_namespace', '__meta_kubernetes_pod_name']) + - // r.withTargetLabel('job'), - - r.withAction('replace') + - r.withSourceLabels('__meta_kubernetes_namespace') + - r.withTargetLabel('namespace'), - - r.withAction('replace') + - r.withSourceLabels('__meta_kubernetes_pod_name') + - r.withTargetLabel('pod'), - - r.withAction('replace') + - r.withSourceLabels('__meta_kubernetes_pod_container_name') + - r.withTargetLabel('container'), - - r.withReplacement('/var/log/pods/*$1/*.log') + - r.withSeparator('/') + - r.withSourceLabels(['__meta_kubernetes_pod_uid', '__meta_kubernetes_pod_container_name']) + - r.withTargetLabel('__path__') - ] -} diff --git a/production/tanka/grafana-agent-operator/util/k8smonitors.libsonnet b/production/tanka/grafana-agent-operator/util/k8smonitors.libsonnet deleted file mode 100644 index 90de24a88962..000000000000 --- a/production/tanka/grafana-agent-operator/util/k8smonitors.libsonnet +++ /dev/null @@ -1,56 +0,0 @@ -local prom_gen = import 'prom-operator-gen/main.libsonnet'; -local sm = prom_gen.monitoring.v1.serviceMonitor; -local e = sm.spec.endpoints; -local mr = e.metricRelabelings; -local r = e.relabelings; - -{ - local metricArrayToString(arr) = std.join("|", arr), - - local withJobReplace(job_label) = - r.withAction('replace') + - r.withTargetLabel('job') + - r.withReplacement(job_label), - - local withAllowList(metrics) = - mr.withAction('keep') + - mr.withSourceLabels(['__name__']) + - mr.withRegex(metricArrayToString(metrics)), - - local withMetricsPath() = - r.withSourceLabels(['__metrics_path__']) + - r.withTargetLabel('metrics_path'), - - local withDefaultEndpoint(jobLabel, port, allowlist, allowlistMetrics, path) = - e.withHonorLabels(true) + - e.withInterval('60s') + - (if allowlist then e.withMetricRelabelings(withAllowList(allowlistMetrics)) else {}) + - e.withPort(port) + - e.withPath(path), - - - newKubernetesMonitor(name, namespace, monitorLabels, targetNamespace, targetLabels, jobLabel, metricsPath, allowlist=false, allowlistMetrics=[]):: - sm.new(name) + - sm.metadata.withNamespace(namespace) + - sm.metadata.withLabels(monitorLabels) + - sm.spec.namespaceSelector.withMatchNames(targetNamespace) + - sm.spec.selector.withMatchLabels(targetLabels) + - sm.spec.withEndpoints([ - withDefaultEndpoint(jobLabel, 'https-metrics', allowlist, allowlistMetrics, metricsPath) + - e.withBearerTokenFile('/var/run/secrets/kubernetes.io/serviceaccount/token') + - e.tlsConfig.withInsecureSkipVerify(true) + - e.withRelabelings([withMetricsPath(), withJobReplace(jobLabel)]) + - e.withScheme('https') - ]), - - newServiceMonitor(name, namespace, monitorLabels, targetNamespace, targetLabels, jobLabel, metricsPath, allowlist=false, allowlistMetrics=[]):: - sm.new(name) + - sm.metadata.withNamespace(namespace) + - sm.metadata.withLabels(monitorLabels) + - sm.spec.namespaceSelector.withMatchNames(targetNamespace) + - sm.spec.selector.withMatchLabels(targetLabels) + - sm.spec.withEndpoints([ - withDefaultEndpoint(jobLabel, 'http-metrics', allowlist, allowlistMetrics, metricsPath) + - e.withRelabelings([withJobReplace(jobLabel)]) - ]), -} diff --git a/production/tanka/grafana-agent-operator/util/logsinstance.libsonnet b/production/tanka/grafana-agent-operator/util/logsinstance.libsonnet deleted file mode 100644 index 4f667c14f5f0..000000000000 --- a/production/tanka/grafana-agent-operator/util/logsinstance.libsonnet +++ /dev/null @@ -1,21 +0,0 @@ -local gen = import 'agent-operator-gen/main.libsonnet'; -local li = gen.monitoring.v1alpha1.logsInstance; -local clients = li.spec.clients; - -{ - withLogsClient(secretName, logsUrl, externalLabels={}):: - li.spec.withClients( - clients.withUrl(logsUrl) + - clients.basicAuth.username.withKey('username') + - clients.basicAuth.username.withName(secretName) + - clients.basicAuth.password.withKey('password') + - clients.basicAuth.password.withName(secretName) + - if externalLabels != {} then clients.withExternalLabels(externalLabels) else {} - ), - - withNilPodLogsNamespace():: { - spec+: { - podLogsNamespaceSelector: {} - } - }, -} diff --git a/production/tanka/grafana-agent-operator/util/metricsinstance.libsonnet b/production/tanka/grafana-agent-operator/util/metricsinstance.libsonnet deleted file mode 100644 index af0da101fd46..000000000000 --- a/production/tanka/grafana-agent-operator/util/metricsinstance.libsonnet +++ /dev/null @@ -1,20 +0,0 @@ -local gen = import 'agent-operator-gen/main.libsonnet'; -local mi = gen.monitoring.v1alpha1.metricsInstance; -local rw = mi.spec.remoteWrite; - -{ - withRemoteWrite(secretName, metricsUrl):: - mi.spec.withRemoteWrite( - rw.withUrl(metricsUrl) + - rw.basicAuth.username.withKey('username') + - rw.basicAuth.username.withName(secretName) + - rw.basicAuth.password.withKey('password') + - rw.basicAuth.password.withName(secretName) - ), - - withNilServiceMonitorNamespace():: { - spec+: { - serviceMonitorNamespaceSelector: {} - } - } -} diff --git a/production/tanka/grafana-agent/config.libsonnet b/production/tanka/grafana-agent/config.libsonnet deleted file mode 100644 index 7c1e7a2c8c80..000000000000 --- a/production/tanka/grafana-agent/config.libsonnet +++ /dev/null @@ -1,117 +0,0 @@ -local k8s_v2 = import './v2/internal/helpers/k8s.libsonnet'; - -{ - _images+:: { - agent: 'grafana/agent:latest', - agentctl: 'grafana/agentctl:latest', - }, - - _config+:: { - // - // Deployment options - // - agent_cluster_role_name: 'grafana-agent', - agent_configmap_name: 'grafana-agent', - agent_deployment_configmap_name: self.agent_configmap_name + '-deployment', - agent_pod_name: 'grafana-agent', - agent_deployment_pod_name: self.agent_pod_name + '-deployment', - - cluster_dns_tld: 'local', - cluster_dns_suffix: 'cluster.' + self.cluster_dns_tld, - cluster_name: error 'must specify cluster name', - namespace: error 'must specify namespace', - - agent_config_hash_annotation: true, - - // - // Prometheus instance options - // - - // Enabling this causes the agent to only scrape metrics on the same node - // on which it is currently running. - // - // Take CAUTION when disabling this! If the agent is deployed - // as a DaemonSet (like it is here by default), then disabling this will - // scrape all metrics multiple times, once per node, leading to - // duplicate samples being rejected and might hit limits. - agent_host_filter: true, - - // The directory where the WAL is stored for all instances. - agent_wal_dir: '/var/lib/agent/data', - - prometheus_kubernetes_api_server_address: 'kubernetes.default.svc.%(cluster_dns_suffix)s:443' % self, - prometheus_insecure_skip_verify: false, - scrape_api_server_endpoints: true, - - // - // Config passed to the agent - // - // agent_config is rendered as a YAML and is the configuration file used - // to control the agent. A single instance is hard-coded and its - // scrape_configs are defined below. - // - // deployment_agent_config is a copy of `agent_config` that is used by the - // single-replica deployment to scrape jobs that don't work in host - // filtering mode. - agent_config: { - server: { - log_level: 'info', - }, - - metrics: { - global: { - scrape_interval: '1m', - }, - - wal_directory: $._config.agent_wal_dir, - - configs: [{ - name: 'agent', - - host_filter: $._config.agent_host_filter, - - scrape_configs: - if $._config.agent_host_filter then - $._config.kubernetes_scrape_configs - else - $._config.kubernetes_scrape_configs + $._config.deployment_scrape_configs, - remote_write: $._config.agent_remote_write, - }], - }, - }, - deployment_agent_config: self.agent_config { - prometheus+: { - configs: [{ - name: 'agent', - - host_filter: false, - - scrape_configs: $._config.deployment_scrape_configs, - remote_write: $._config.agent_remote_write, - }], - }, - - }, - - local all_scrape_configs = k8s_v2.metrics({ - scrape_api_server_endpoints: $._config.scrape_api_server_endpoints, - insecure_skip_verify: $._config.prometheus_insecure_skip_verify, - kubernetes_api_server_address: $._config.prometheus_kubernetes_api_server_address, - ksm_namespace: $._config.namespace, - node_exporter_namespace: $._config.namespace, - }), - - // We have two optional extension points for scrape config. One for the - // statefulset that holds all the agents attached to a node - // (kubernetes_scrape_configs) and One for the single replica deployment - // that is used to scrape jobs that don't work with host filtering mode - // (deployment_scrape_configs) the later is only used when host_filter = - // true. - deployment_scrape_configs: - std.filter(function(job) job.job_name == 'default/kubernetes', all_scrape_configs), - kubernetes_scrape_configs: - std.filter(function(job) job.job_name != 'default/kubernetes', all_scrape_configs), - - agent_remote_write: [], - }, -} diff --git a/production/tanka/grafana-agent/grafana-agent.libsonnet b/production/tanka/grafana-agent/grafana-agent.libsonnet deleted file mode 100644 index f280da77fcf9..000000000000 --- a/production/tanka/grafana-agent/grafana-agent.libsonnet +++ /dev/null @@ -1,85 +0,0 @@ -local config = import 'config.libsonnet'; -local k = import 'ksonnet-util/kausal.libsonnet'; - -k + config { - local configMap = $.core.v1.configMap, - local container = $.core.v1.container, - local daemonSet = $.apps.v1.daemonSet, - local deployment = $.apps.v1.deployment, - local policyRule = $.rbac.v1.policyRule, - local serviceAccount = $.core.v1.serviceAccount, - - agent_rbac: - $.util.rbac($._config.agent_cluster_role_name, [ - policyRule.withApiGroups(['']) + - policyRule.withResources(['nodes', 'nodes/proxy', 'services', 'endpoints', 'pods']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - policyRule.withNonResourceUrls('/metrics') + - policyRule.withVerbs(['get']), - ]) { - service_account+: - serviceAccount.mixin.metadata.withNamespace($._config.namespace), - }, - - agent_config_map: - configMap.new($._config.agent_configmap_name) + - configMap.mixin.metadata.withNamespace($._config.namespace) + - configMap.withData({ - 'agent.yml': $.util.manifestYaml($._config.agent_config), - }), - - agent_args:: { - 'config.file': '/etc/agent/agent.yml', - 'metrics.wal-directory': '/tmp/agent/data', - }, - - agent_container:: - container.new('agent', $._images.agent) + - container.withPorts($.core.v1.containerPort.new('http-metrics', 80)) + - container.withArgsMixin($.util.mapToFlags($.agent_args)) + - container.withEnv([ - $.core.v1.envVar.fromFieldPath('HOSTNAME', 'spec.nodeName'), - ]) + - container.mixin.securityContext.withPrivileged(true) + - container.mixin.securityContext.withRunAsUser(0), - - config_hash_mixin:: { - local hash(config) = { config_hash: std.md5(std.toString(config)) }, - daemonSet: - if $._config.agent_config_hash_annotation then - daemonSet.mixin.spec.template.metadata.withAnnotationsMixin(hash($._config.agent_config)) - else {}, - deployment: - if $._config.agent_config_hash_annotation then - deployment.mixin.spec.template.metadata.withAnnotationsMixin(hash($._config.deployment_agent_config)) - else {}, - }, - - // TODO(rfratto): persistent storage for the WAL here is missing. hostVolume? - agent_daemonset: - daemonSet.new($._config.agent_pod_name, [$.agent_container]) + - daemonSet.mixin.metadata.withNamespace($._config.namespace) + - daemonSet.mixin.spec.template.spec.withServiceAccount($._config.agent_cluster_role_name) + - self.config_hash_mixin.daemonSet + - $.util.configVolumeMount($._config.agent_configmap_name, '/etc/agent'), - - agent_deployment_config_map: - if $._config.agent_host_filter then - configMap.new($._config.agent_deployment_configmap_name) + - configMap.mixin.metadata.withNamespace($._config.namespace) + - configMap.withData({ - 'agent.yml': $.util.manifestYaml($._config.deployment_agent_config), - }) - else {}, - - agent_deployment: - if $._config.agent_host_filter then - deployment.new($._config.agent_deployment_pod_name, 1, [$.agent_container]) + - deployment.mixin.metadata.withNamespace($._config.namespace) + - deployment.mixin.spec.template.spec.withServiceAccount($._config.agent_cluster_role_name) + - deployment.mixin.spec.withReplicas(1) + - self.config_hash_mixin.deployment + - $.util.configVolumeMount($._config.agent_deployment_configmap_name, '/etc/agent') - else {}, -} diff --git a/production/tanka/grafana-agent/jsonnetfile.json b/production/tanka/grafana-agent/jsonnetfile.json deleted file mode 100644 index c903ac17c07c..000000000000 --- a/production/tanka/grafana-agent/jsonnetfile.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "dependencies": [ - { - "name": "ksonnet-util", - "source": { - "git": { - "remote": "https://github.com/grafana/jsonnet-libs", - "subdir": "ksonnet-util" - } - }, - "version": "master" - } - ] -} diff --git a/production/tanka/grafana-agent/scraping-svc/main.libsonnet b/production/tanka/grafana-agent/scraping-svc/main.libsonnet deleted file mode 100644 index 7e414a0e816d..000000000000 --- a/production/tanka/grafana-agent/scraping-svc/main.libsonnet +++ /dev/null @@ -1,107 +0,0 @@ -local config = import '../config.libsonnet'; -local syncer = import './syncer.libsonnet'; -local k = import 'ksonnet-util/kausal.libsonnet'; - -local containerPort = k.core.v1.containerPort; -local configMap = k.core.v1.configMap; -local container = k.core.v1.container; -local deployment = k.apps.v1.deployment; -local policyRule = k.rbac.v1.policyRule; - -{ - new(namespace='default', kube_namespace='kube-system'):: config { - local this = self, - - // Use the default config from the non-scraping-service mode - // but change some of the defaults. - _config+:: { - agent_cluster_role_name: 'grafana-agent-cluster', - agent_configmap_name: 'grafana-agent-cluster', - agent_pod_name: 'grafana-agent-cluster', - agent_replicas: 3, - - namespace: namespace, - kube_namespace: kube_namespace, - - // Scraping service should not be using host filtering - agent_host_filter: false, - - // - // KVStore options - // - agent_config_kvstore: error 'must configure config kvstore', - agent_ring_kvstore: error 'must configure ring kvstore', - - agent_config+: { - metrics+: { - // No configs are used in the scraping service mode. - configs:: [], - - scraping_service: { - enabled: true, - kvstore: this._config.agent_config_kvstore, - lifecycler: { - ring: { - kvstore: this._config.agent_ring_kvstore, - }, - }, - }, - }, - }, - }, - - rbac: - // Need to do a hack here so ksonnet util has our configs :( - (k { _config+: this._config }).util.rbac(this._config.agent_cluster_role_name, [ - policyRule.withApiGroups(['']) + - policyRule.withResources(['nodes', 'nodes/proxy', 'services', 'endpoints', 'pods']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - policyRule.withNonResourceUrls('/metrics') + - policyRule.withVerbs(['get']), - ]), - - configMap: - configMap.new(this._config.agent_configmap_name) + - configMap.withData({ - 'agent.yml': k.util.manifestYaml(this._config.agent_config), - }), - - container:: - container.new('agent-cluster', this._images.agent) + - container.withPorts(containerPort.new(name='http-metrics', port=80)) + - container.withArgsMixin(k.util.mapToFlags({ - 'config.file': '/etc/agent/agent.yml', - 'metrics.wal-directory': '/tmp/agent/data', - })) + - container.withEnv([ - k.core.v1.envVar.fromFieldPath('HOSTNAME', 'spec.nodeName'), - ]) + - container.mixin.securityContext.withPrivileged(true) + - container.mixin.securityContext.withRunAsUser(0), - - deployment: - deployment.new(this._config.agent_pod_name, this._config.agent_replicas, [this.container]) + - deployment.mixin.spec.template.spec.withServiceAccount(this._config.agent_cluster_role_name) + - deployment.mixin.spec.withMinReadySeconds(60) + - deployment.mixin.spec.strategy.rollingUpdate.withMaxSurge(0) + - deployment.mixin.spec.strategy.rollingUpdate.withMaxUnavailable(1) + - deployment.mixin.spec.template.spec.withTerminationGracePeriodSeconds(4800) + - k.util.configVolumeMount(this._config.agent_configmap_name, '/etc/agent'), - - service: - k.util.serviceFor(this.deployment), - - // Create the cronjob that syncs configs to the API - syncer: - syncer.new(this._images.agentctl, this._config), - }, - - withImagesMixin(images):: { _images+: images }, - - // withConfig overrides the config used for the agent. - withConfig(config):: { _config: config }, - - // withConfigMixin merges the provided config with the existing config. - withConfigMixin(config):: { _config+: config }, -} diff --git a/production/tanka/grafana-agent/scraping-svc/syncer.libsonnet b/production/tanka/grafana-agent/scraping-svc/syncer.libsonnet deleted file mode 100644 index d24373e164f0..000000000000 --- a/production/tanka/grafana-agent/scraping-svc/syncer.libsonnet +++ /dev/null @@ -1,61 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; - -local cronJob = k.batch.v1.cronJob; -local configMap = k.core.v1.configMap; -local container = k.core.v1.container; -local deployment = k.apps.v1.deployment; -local volumeMount = k.core.v1.volumeMount; -local volume = k.core.v1.volume; - -{ - new(agentctl_image, config):: { - local this = self, - - local configs = std.foldl( - function(agg, cfg) - // Sanitize the name and remove / so every file goes into the same - // folder. - local name = std.strReplace(cfg.job_name, '/', '_'); - - agg { - ['%s.yml' % name]: k.util.manifestYaml( - { - scrape_configs: [cfg], - remote_write: config.agent_remote_write, - }, - ), - }, - config.kubernetes_scrape_configs, - {}, - ), - - configMap: - configMap.new('agent-syncer') + - configMap.withData(configs), - - container:: - container.new('agent-syncer', agentctl_image) + - container.withArgsMixin([ - 'config-sync', - '--addr=http://%(agent_pod_name)s.%(namespace)s.svc.cluster.local:80' % config, - '/etc/configs', - ]) + - container.withVolumeMounts([ - volumeMount.new('agent-syncer', '/etc/configs'), - ]), - - syncer_job: - cronJob.new('agent-syncer', '*/5 * * * *', this.container) + - cronJob.mixin.spec.withSuccessfulJobsHistoryLimit(1) + - cronJob.mixin.spec.withFailedJobsHistoryLimit(3) + - cronJob.mixin.spec.jobTemplate.spec.template.spec.withRestartPolicy('OnFailure') + - cronJob.mixin.spec.jobTemplate.spec.template.spec.withActiveDeadlineSeconds(600) + - cronJob.mixin.spec.jobTemplate.spec.withTtlSecondsAfterFinished(120) + - cronJob.mixin.spec.jobTemplate.spec.template.spec.withVolumes([ - volume.fromConfigMap( - name='agent-syncer', - configMapName=this.configMap.metadata.name, - ), - ]), - }, -} diff --git a/production/tanka/grafana-agent/smoke/avalanche/main.libsonnet b/production/tanka/grafana-agent/smoke/avalanche/main.libsonnet deleted file mode 100644 index 6887337ce2a9..000000000000 --- a/production/tanka/grafana-agent/smoke/avalanche/main.libsonnet +++ /dev/null @@ -1,49 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; - -local configMap = k.core.v1.configMap; -local container = k.core.v1.container; -local containerPort = k.core.v1.containerPort; -local deployment = k.apps.v1.deployment; -local pvc = k.core.v1.persistentVolumeClaim; -local service = k.core.v1.service; -local volumeMount = k.core.v1.volumeMount; -local volume = k.core.v1.volume; - -{ - new(name='avalanche', replicas=1, namespace='', config={}):: { - local this = self, - - _config+:: { - image: 'quay.io/freshtracks.io/avalanche:latest', - - metric_count: 500, - label_count: 10, - series_count: 10, - metricname_length: 5, - labelname_length: 5, - value_interval: 30, - series_interval: 30, - metric_interval: 120, - } + config, - - container:: - container.new(name, this._config.image) + - container.withPorts([ - containerPort.newNamed(name='http', containerPort=9001), - ]) + - container.withArgsMixin([ - '--metric-count=%d' % this._config.metric_count, - '--label-count=%d' % this._config.label_count, - '--series-count=%d' % this._config.series_count, - '--metricname-length=%d' % this._config.metricname_length, - '--labelname-length=%d' % this._config.labelname_length, - '--value-interval=%d' % this._config.value_interval, - '--series-interval=%d' % this._config.series_interval, - '--metric-interval=%d' % this._config.metric_interval, - ]), - - deployment: - deployment.new(name, replicas, [self.container]) + - deployment.mixin.metadata.withNamespace(namespace), - }, -} diff --git a/production/tanka/grafana-agent/smoke/crow/main.libsonnet b/production/tanka/grafana-agent/smoke/crow/main.libsonnet deleted file mode 100644 index a159e6c16657..000000000000 --- a/production/tanka/grafana-agent/smoke/crow/main.libsonnet +++ /dev/null @@ -1,36 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; - -local configMap = k.core.v1.configMap; -local container = k.core.v1.container; -local containerPort = k.core.v1.containerPort; -local deployment = k.apps.v1.deployment; -local pvc = k.core.v1.persistentVolumeClaim; -local service = k.core.v1.service; -local volumeMount = k.core.v1.volumeMount; -local volume = k.core.v1.volume; - -{ - new(name='crow', namespace='', config={}):: { - local this = self, - - _config+:: { - image: 'us.gcr.io/kubernetes-dev/grafana/agent-crow:main', - args: { - 'server.http.address': '0.0.0.0:80', - }, - pull_secret: '', - } + config, - - container:: - container.new(name, this._config.image) + - container.withPorts([ - containerPort.newNamed(name='http-metrics', containerPort=80), - ]) + - container.withArgsMixin(k.util.mapToFlags(this._config.args)), - - deployment: - deployment.new(name, 1, [self.container]) + - deployment.mixin.metadata.withNamespace(namespace) + - deployment.spec.template.spec.withImagePullSecrets({ name: this._config.pull_secret }), - }, -} diff --git a/production/tanka/grafana-agent/smoke/etcd/main.libsonnet b/production/tanka/grafana-agent/smoke/etcd/main.libsonnet deleted file mode 100644 index 46598632a545..000000000000 --- a/production/tanka/grafana-agent/smoke/etcd/main.libsonnet +++ /dev/null @@ -1,30 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; - -local container = k.core.v1.container; -local containerPort = k.core.v1.containerPort; -local deployment = k.apps.v1.deployment; -local service = k.core.v1.service; - -{ - new(namespace=''):: { - container:: - container.new('etcd', 'gcr.io/etcd-development/etcd:v3.4.7') + - container.withPorts([ - containerPort.newNamed(name='etcd', containerPort=2379), - ]) + - container.withArgsMixin([ - '/usr/local/bin/etcd', - '--listen-client-urls=http://0.0.0.0:2379', - '--advertise-client-urls=http://0.0.0.0:2379', - '--log-level=info', - ]), - - deployment: - deployment.new('etcd', 1, [self.container]) + - deployment.mixin.metadata.withNamespace(namespace), - - service: - k.util.serviceFor(self.deployment) + - service.mixin.metadata.withNamespace(namespace), - }, -} diff --git a/production/tanka/grafana-agent/smoke/main.libsonnet b/production/tanka/grafana-agent/smoke/main.libsonnet deleted file mode 100644 index d8cbac4dc142..000000000000 --- a/production/tanka/grafana-agent/smoke/main.libsonnet +++ /dev/null @@ -1,69 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; -local policyRule = k.rbac.v1.policyRule; -local serviceAccount = k.core.v1.serviceAccount; -local container = k.core.v1.container; -local containerPort = k.core.v1.containerPort; -local deployment = k.apps.v1.deployment; -local service = k.core.v1.service; -local util = k.util; - -{ - new(name='grafana-agent-smoke', namespace='default', config={}):: { - local k = (import 'ksonnet-util/kausal.libsonnet') { _config+:: { namespace: namespace } }, - - local this = self, - - _images:: { - agentsmoke: 'us.gcr.io/kubernetes-dev/grafana/agent-smoke:main', - }, - - _config:: { - mutationFrequency: '5m', - chaosFrequency: '30m', - image: this._images.agentsmoke, - pull_secret: '', - podPrefix: 'grafana-agent', - simulateErrors: true, - } + config, - - rbac: - k.util.rbac(name, [ - policyRule.withApiGroups(['apps']) + - policyRule.withResources(['deployments/scale']) + - policyRule.withVerbs(['get', 'update']), - policyRule.withApiGroups(['']) + - policyRule.withResources(['pods']) + - policyRule.withVerbs(['list', 'delete']), - ]) { - service_account+: - serviceAccount.mixin.metadata.withNamespace(namespace), - }, - - container:: - container.new('agent-smoke', this._config.image) + - container.withPorts([ - containerPort.newNamed(name='remote-write', containerPort=19090), - ]) + - container.withArgsMixin(k.util.mapToFlags({ - 'log.level': 'debug', - namespace: namespace, - 'mutation-frequency': this._config.mutationFrequency, - 'chaos-frequency': this._config.chaosFrequency, - 'pod-prefix': this._config.podPrefix, - 'fake-remote-write': true, - 'simulate-errors': this._config.simulateErrors, - })), - - agentsmoke_deployment: - deployment.new(name, 1, [self.container]) + - deployment.mixin.metadata.withNamespace(namespace) + - deployment.mixin.spec.template.spec.withServiceAccount(name) + - deployment.spec.template.spec.withImagePullSecrets({ name: this._config.pull_secret }), - - service: - util.serviceFor(self.agentsmoke_deployment) + - service.mixin.metadata.withNamespace(namespace), - }, - - monitoring: (import './prometheus_monitoring.libsonnet'), -} diff --git a/production/tanka/grafana-agent/v1/README.md b/production/tanka/grafana-agent/v1/README.md deleted file mode 100644 index 5eb6f0513722..000000000000 --- a/production/tanka/grafana-agent/v1/README.md +++ /dev/null @@ -1,79 +0,0 @@ -# Tanka Configs - -**STATUS**: Abandoned. Use v0 (parent directory) or v2 instead. - -This directory contains the Tanka configs that we use to deploy the Grafana -Agent. It is marked as `v1` and is incompatible with the `v0` configs -found in the [parent directory](../). - -This library is currently a work in progress and backwards-incompatible changes -may occur. Once the library is considered complete, no further backwards -incompatible changes will be made. - -## Capabilities - -This library is significantly more flexible than its `v0` counterpart. It tries -to allow to deploy and configure the Agent in a feature matrix: - -| Mechanism | Metrics | Logs | Traces | Integrations | -| ---------------- | ------- | --------- | ------ | ------------ | -| DaemonSet | Yes | Yes | Yes | Yes | -| Deployment | Yes | No | No | No | -| Scraping Service | Yes | No | No | No | - -The library can be invoked multiple times to get full coverage. For example, you -may wish to deploy a scraping service for scalable metrics collection, and a -DaemonSet with just Loki Logs for log collection. - -Trying to use the library in incompatible ways will generate errors. For -example, you may not deploy a scraping service with Loki logs collection. - -## API - -## Generate Agent Deployment - -- `new(name, namespace)`: Create a new DaemonSet. This is the default mode to - deploy the Agent. Enables host filtering. -- `newDeployment(name, namespace)`: Create a new single-replica Deployment. - Disables host filtering. -- `newScrapingService(name, namespace, replicas)`: (Not yet available). Create a - scalable deployment of clustered Agents. Requires being given a KV store such as Redis or ETCD. - -## Configure Metrics - -- `withMetricsConfig(config)`: Creates a metrics config block. -- `defaultMetricsConfig`: Default metrics config block. -- `withMetricsInstances(instances)`: Creates a metrics instance config to - tell the Agent what to scrape. -- `withRemoteWrite(remote_writes)`: Configures locations to remote write metrics - to. Controls remote writes globally. -- `scrapeInstanceKubernetes`: Default metrics instance config to scrape from - Kubernetes. - -## Configure Logs - -- `withLogsConfig(config)`: Creates a Logs config block to pass to the Agent. -- `newLogsClient(client_config)`: Creates a new client configuration to pass - to `withLogsClients`. -- `withLogsClients(clients)`: Add a set of clients to a Logs config block. -- `scrapeKubernetesLogs`: Default Logs config that collects logs from Kubernetes - pods. - -## Configure Traces - -- `withTracesConfig(config)`: Creates a Traces config block to pass to the Agent. -- `withTracesRemoteWrite(remote_write)`: Configures one or multiple locations to push spans to. -- `withTracesSamplingStrategies(strategies)`: Configures strategies for trace collection. -- `withTracesScrapeConfigs(scrape_configs)`: Configures scrape configs to attach - labels to incoming spans. -- `tracesScrapeKubernetes`: Default scrape configs to collect meta information - from pods. Aligns with the labels from `scrapeInstanceKubernetes` and - `scrapeKubernetesLogs` so logs, metrics, and traces all use the same set of - labels. - -## General - -- `withImages(images)`: Use custom images. -- `withConfigHash(include=true)`: Whether to include a config hash annotation. -- `withPortsMixin(ports)`: Mixin ports from `k.core.v1.containerPort` against - the container and service. diff --git a/production/tanka/grafana-agent/v1/internal/agent.libsonnet b/production/tanka/grafana-agent/v1/internal/agent.libsonnet deleted file mode 100644 index d6af77dd0bd7..000000000000 --- a/production/tanka/grafana-agent/v1/internal/agent.libsonnet +++ /dev/null @@ -1,72 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; - -local configMap = k.core.v1.configMap; -local container = k.core.v1.container; -local daemonSet = k.apps.v1.daemonSet; -local deployment = k.apps.v1.deployment; -local policyRule = k.rbac.v1.policyRule; -local serviceAccount = k.core.v1.serviceAccount; - -{ - newAgent(name='grafana-agent', namespace='default', image, config, use_daemonset=true):: { - local controller = if use_daemonset then daemonSet else deployment, - local k = (import 'ksonnet-util/kausal.libsonnet') { _config+:: { namespace: namespace } }, - local this = self, - - _controller:: controller, - _config_hash:: true, - - listen_port:: 8080, - - rbac: - k.util.rbac(name, [ - // Need for k8s SD on Loki/Prometheus subsystems - policyRule.withApiGroups(['']) + - policyRule.withResources(['nodes', 'nodes/proxy', 'services', 'endpoints', 'pods']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - // Needed for Prometheus subsystem to scrape k8s API - policyRule.withNonResourceUrls('/metrics') + - policyRule.withVerbs(['get']), - ]) { - service_account+: - serviceAccount.mixin.metadata.withNamespace(namespace), - }, - - config_map: - configMap.new(name) + - configMap.mixin.metadata.withNamespace(namespace) + - configMap.withData({ - 'agent.yaml': k.util.manifestYaml(config), - }), - - container:: - container.new('agent', image) + - container.withPorts(k.core.v1.containerPort.new('http-metrics', self.listen_port)) + - container.withArgsMixin(k.util.mapToFlags({ - 'config.file': '/etc/agent/agent.yaml', - 'server.http.address': '0.0.0.0:' + this.listen_port, - })) + - container.withEnvMixin([ - k.core.v1.envVar.fromFieldPath('HOSTNAME', 'spec.nodeName'), - ]), - - agent: - ( - if use_daemonset then daemonSet.new(name, [self.container]) - else deployment.new(name, 1, [self.container]) - ) + - controller.mixin.metadata.withNamespace(namespace) + - controller.mixin.spec.template.spec.withServiceAccount(name) + - ( - if self._config_hash - then controller.mixin.spec.template.metadata.withAnnotationsMixin({ - config_hash: std.md5(std.toString(config)), - }) - else {} - ) + - k.util.configVolumeMount(name, '/etc/agent'), - }, - - withConfigHash(include):: { _config_hash:: include }, -} diff --git a/production/tanka/grafana-agent/v1/internal/kubernetes_instance.libsonnet b/production/tanka/grafana-agent/v1/internal/kubernetes_instance.libsonnet deleted file mode 100644 index a4749c9797fc..000000000000 --- a/production/tanka/grafana-agent/v1/internal/kubernetes_instance.libsonnet +++ /dev/null @@ -1,27 +0,0 @@ -local k8s_v2 = import '../../v2/internal/helpers/k8s.libsonnet'; - -{ - kubernetesScrapeInstanceConfig:: { - scrape_api_server_endpoints: false, - insecure_skip_verify: false, - - cluster_dns_tld: 'local', - cluster_dns_suffix: 'cluster.' + self.cluster_dns_tld, - kubernetes_api_server_address: 'kubernetes.default.svc.%(cluster_dns_suffix)s:443' % self, - }, - - newKubernetesScrapeInstance(config, namespace='default'):: { - local _config = $.kubernetesScrapeInstanceConfig + config, - - name: 'kubernetes', - scrape_configs: k8s_v2.metrics({ - scrape_api_server_endpoints: _config.scrape_api_server_endpoints, - insecure_skip_verify: _config.insecure_skip_verify, - cluster_dns_tld: _config.cluster_dns_tld, - cluster_dns_suffix: _config.cluster_dns_suffix, - kubernetes_api_server_address: _config.kubernetes_api_server_address, - ksm_namespace: namespace, - node_exporter_namespace: namespace, - }), - }, -} diff --git a/production/tanka/grafana-agent/v1/internal/kubernetes_logs.libsonnet b/production/tanka/grafana-agent/v1/internal/kubernetes_logs.libsonnet deleted file mode 100644 index 8ef2d4f40200..000000000000 --- a/production/tanka/grafana-agent/v1/internal/kubernetes_logs.libsonnet +++ /dev/null @@ -1,7 +0,0 @@ -local k8s_v2 = import '../../v2/internal/helpers/k8s.libsonnet'; - -{ - newKubernetesLogsCollector():: { - scrape_configs: k8s_v2.logs(), - }, -} diff --git a/production/tanka/grafana-agent/v1/internal/utils.libsonnet b/production/tanka/grafana-agent/v1/internal/utils.libsonnet deleted file mode 100644 index 35ab5834a782..000000000000 --- a/production/tanka/grafana-agent/v1/internal/utils.libsonnet +++ /dev/null @@ -1,36 +0,0 @@ -{ - // Returns true if the scrape_config only contains a service_discovery for - // Kubernetes (via kubernetes_sd_configs) that has role: pod - isOnlyK8sPodDiscovery(scrape_config):: - // Get all the *_sd_configs and filter that down to the sd_configs that aren't - // kubernetes_sd_configs. It should be 0. - std.length(std.filter( - function(key) key != 'kubernetes_sd_configs', - std.filter( - function(key) std.endsWith(key, '_sd_configs'), - std.objectFields(scrape_config), - ), - )) == 0 && - // Make sure there are 0 kubernetes_sd_configs whose role is not pod - std.length(std.filter( - function(kube_sd_config) kube_sd_config.role != 'pod', - std.flatMap( - function(key) scrape_config[key], - std.filter( - function(key) key == 'kubernetes_sd_configs', - std.objectFields(scrape_config) - ) - ) - )) == 0, - - // host_filter_compatible instances are ones that: - // - only use kubernetes_sd_configs - // - only use kubernetes_sd_configs with role = 'pod' - transformInstances(instances=[], host_filter_compatible=true):: - std.map(function(instance) instance { - scrape_configs: std.filter( - function(cfg) $.isOnlyK8sPodDiscovery(cfg) == host_filter_compatible, - super.scrape_configs, - ), - }, instances), -} diff --git a/production/tanka/grafana-agent/v1/lib/deployment.libsonnet b/production/tanka/grafana-agent/v1/lib/deployment.libsonnet deleted file mode 100644 index e557a0739516..000000000000 --- a/production/tanka/grafana-agent/v1/lib/deployment.libsonnet +++ /dev/null @@ -1,83 +0,0 @@ -local agent = import '../internal/agent.libsonnet'; -local k = import 'ksonnet-util/kausal.libsonnet'; - -local configMap = k.core.v1.configMap; -local service = k.core.v1.service; -local container = k.core.v1.container; - -{ - // newDeployment creates a new single-replicated Deployment of the - // grafana-agent. By default, this deployment will do no collection. You must - // merge the result of this function with the following: - // - // - withMetricsConfig - // - withMetricsInstances - // - optionally withRemoteWrite - // - // newDeployment does not support log collection. - newDeployment(name='grafana-agent', namespace='default'):: { - assert !std.objectHas(self, '_logs_config') : ||| - Log collection is not supported with newDeployment. - |||, - assert !std.objectHas(self, '_integrations') : ||| - Integrations are not supported with newDeployment. - |||, - - local this = self, - - _mode:: 'deployment', - _images:: $._images, - _config_hash:: true, - - local has_metrics_config = std.objectHasAll(self, '_metrics_config'), - local has_metrics_instances = std.objectHasAll(self, '_metrics_instances'), - local has_trace_config = std.objectHasAll(self, '_trace_config'), - local has_sampling_strategies = std.objectHasAll(self, '_traces_sampling_strategies'), - - config:: { - server: { - log_level: 'info', - }, - } + ( - if has_metrics_config - then { - metrics: - this._metrics_config { - configs: - if has_metrics_instances - then this._metrics_instances - else [], - }, - } - else {} - ) + ( - if has_trace_config then { - traces: { - configs: [this._trace_config { - name: 'default', - }], - }, - } - else {} - ), - - agent: - agent.newAgent(name, namespace, self._images.agent, self.config, use_daemonset=false) + - agent.withConfigHash(self._config_hash) + { - // If sampling strategies were defined, we need to mount them as a JSON - // file. - config_map+: - if has_sampling_strategies - then configMap.withDataMixin({ - 'strategies.json': std.toString(this._traces_sampling_strategies), - }) - else {}, - // If we're deploying for tracing, applications will want to write to - // a service for load balancing span delivery. - service: - if has_trace_config - then k.util.serviceFor(self.agent) + service.mixin.metadata.withNamespace(namespace) - else {}, - }, - }, -} diff --git a/production/tanka/grafana-agent/v1/lib/integrations.libsonnet b/production/tanka/grafana-agent/v1/lib/integrations.libsonnet deleted file mode 100644 index 6b1482816cf9..000000000000 --- a/production/tanka/grafana-agent/v1/lib/integrations.libsonnet +++ /dev/null @@ -1,33 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; - -local container = k.core.v1.container; - -{ - // withIntegrations controls the integrations component of the Agent. - // - // For the full list of options, refer to the configuration reference: - // https://github.com/grafana/agent/blob/main/docs/configuration-reference.md#integrations_config - withIntegrations(integrations):: { - assert std.objectHasAll(self, '_mode') : ||| - withIntegrations must be merged with the result of calling new. - |||, - _integrations:: integrations, - }, - - integrationsMixin:: { - container+:: - container.mixin.securityContext.withPrivileged(true) + - container.mixin.securityContext.withRunAsUser(0), - - local controller = self._controller, - agent+: - // procfs, sysfs, rotfs - k.util.hostVolumeMount('proc', '/proc', '/host/proc', readOnly=true) + - k.util.hostVolumeMount('sys', '/sys', '/host/sys', readOnly=true) + - k.util.hostVolumeMount('root', '/', '/host/root', readOnly=true) + - - controller.mixin.spec.template.spec.withHostPID(true) + - controller.mixin.spec.template.spec.withHostNetwork(true) + - controller.mixin.spec.template.spec.withDnsPolicy('ClusterFirstWithHostNet'), - }, -} diff --git a/production/tanka/grafana-agent/v1/lib/logs.libsonnet b/production/tanka/grafana-agent/v1/lib/logs.libsonnet deleted file mode 100644 index babb85d5ecca..000000000000 --- a/production/tanka/grafana-agent/v1/lib/logs.libsonnet +++ /dev/null @@ -1,82 +0,0 @@ -local scrape_k8s_logs = import '../internal/kubernetes_logs.libsonnet'; -local k = import 'ksonnet-util/kausal.libsonnet'; - -local container = k.core.v1.container; - -{ - // withLogsConfig adds a Logs config to collect logs. - // - // For the full list of options, refer to the configuration reference: - // https://grafana.com/docs/agent/latest/configuration/logs-config/ - withLogsConfig(config):: { - assert std.objectHasAll(self, '_mode') : ||| - withLogsConfig must be merged with the result of calling new. - |||, - _logs_config:: config, - }, - - // newLogsClient creates a new client object. Results from this can be passed into - // withLogsClients. - // - // client_config should be an object of the following shape: - // - // { - // scheme: 'https', // or http - // hostname: 'logs-us-central1.grafana.net', // replace with hostname to use - // username: '', // OPTIONAL username for Loki API connection - // password: '', // OPTIONAL password for Loki API connection - // external_labels: {}, // OPTIONAL labels to set for connection - // } - newLogsClient(client_config):: - { - url: ( - if std.objectHasAll(client_config, 'username') then - '%(scheme)s://%(username)s:%(password)s@%(hostname)s/loki/api/v1/push' % client_config - else - '%(scheme)s://%(hostname)s/loki/api/v1/push' % client_config - ), - } + ( - if std.objectHasAll(client_config, 'external_labels') - then { external_labels: client_config.external_labels } - else {} - ), - - // withLogsClients adds clients to send logs to. At least one client must be - // present. Clients can be created by calling newLogsClient or by creating - // an object that conforms to the Promtail client_config schema specified - // here: - // - // https://grafana.com/docs/loki/latest/clients/promtail/configuration/#client_config - // - // withLogsClients should be merged with the result of withLogsConfig. - withLogsClients(clients):: { - assert std.objectHasAll(self, '_logs_config') : ||| - withLogsClients must be merged with the result of calling withLogsConfig. - |||, - - _logs_config+:: { - clients: if std.isArray(clients) then clients else [clients], - }, - }, - - // logsPermissionsMixin mutates the container and deployment to work with - // reading Docker container logs. - logsPermissionsMixin:: { - container+:: - container.mixin.securityContext.withPrivileged(true) + - container.mixin.securityContext.withRunAsUser(0), - - agent+: - // For reading docker containers. /var/log is used for the positions file - // and shouldn't be set to readonly. - k.util.hostVolumeMount('varlog', '/var/log', '/var/log') + - k.util.hostVolumeMount('varlibdockercontainers', '/var/lib/docker/containers', '/var/lib/docker/containers', readOnly=true) + - - // For reading journald - k.util.hostVolumeMount('etcmachineid', '/etc/machine-id', '/etc/machine-id', readOnly=true), - }, - - // scrapeKubernetesLogs defines a Logs config that can collect logs from - // Kubernetes pods. - scrapeKubernetesLogs: scrape_k8s_logs.newKubernetesLogsCollector(), -} diff --git a/production/tanka/grafana-agent/v1/lib/metrics.libsonnet b/production/tanka/grafana-agent/v1/lib/metrics.libsonnet deleted file mode 100644 index 3cad8e867ab8..000000000000 --- a/production/tanka/grafana-agent/v1/lib/metrics.libsonnet +++ /dev/null @@ -1,116 +0,0 @@ -local scrape_k8s = import '../internal/kubernetes_instance.libsonnet'; - -{ - // defaultMetricsConfig holds the default Metrics Config with all - // options that the Agent supports. It is better to use this object as a - // reference rather than extending it; since all fields are defined here, if - // the Agent changes a default value in the future, the default change will - // be overridden by the values here. - // - // Required fields will be marked as REQUIRED. - defaultMetricsConfig:: { - // Settings that apply to all launched Metrics instances by default. - // These settings may be overridden on a per-instance basis. - global: { - // How frequently to scrape for metrics. - scrape_interval: '1m', - - // How long to wait before timing out from scraping a target. - scrape_timeout: '10s', - - // Extra labels to apply to all scraped targets. - external_labels: { - /* foo: 'bar', */ - }, - }, - - // Where to store the WAL for metrics before they are sent to remote_write. - // REQUIRED. The value here is preconfigured to work with the Tanka configs. - wal_directory: '/var/lib/agent/data', - - // If an instance crashes abnormally, wait this long before restarting it. - // 0s disables the backoff period and restarts the instance immediately. - instance_restart_backoff: '5s', - - // How to spawn instances based on compatible fields. Supported values: - // "shared" (default), "distinct". - instance_mode: 'shared', - }, - - // withMetricsConfig controls the Metrics engine settings for the Agent. - // defaultMetricsConfig explicitly defines all supported values that can be - // provided within config. - withMetricsConfig(config):: { _metrics_config:: config }, - - // withMetricsInstances controls the Metrics instances the Agent will - // launch. Instances may be a single object or an array of objects. Each - // object must have a name key that is unique to that object. - // - // scrapeInstanceKubernetes defines an example set of instances and the - // ones Grafana Labs uses in production. It does not demonstrate all available - // values for scrape configs and remote_write. For detailed information on - // instance config settings, consult the Agent documentation: - // - // https://github.com/grafana/agent/blob/main/docs/configuration-reference.md#metrics_instance_config - // - // host_filter does not need to be applied here; the library will apply it - // automatically based on how the Agent is being deployed. - // - // remote_write rules may be defined in the instance object. Optionally, - // remove_write rules may be applied to every instance object by using the - // withRemoteWrite function. - withMetricsInstances(instances):: { - assert std.objectHasAll(self, '_mode') : ||| - withMetricsInstances must be merged with the result of calling new, - newDeployment, or newScrapingService. - |||, - - local list = if std.isArray(instances) then instances else [instances], - - // If the library was invoked in daemonset mode, we want to use - // host_filtering mode so each Agent only scrapes stuff from its local - // machine. - local host_filter = super._mode == 'daemonset', - - // Apply host_filtering over our list of instances. - _metrics_instances:: std.map(function(inst) inst { - host_filter: host_filter, - - // Make sure remote_write is an empty array if it doesn't exist. - remote_write: - if !std.objectHas(inst, 'remote_write') || !std.isArray(inst.remote_write) - then [] - else inst.remote_write, - }, list), - }, - - // withRemoteWrite overwrites all the remote_write configs provided in - // withMetricsInstances with the specified remote_writes. This is - // useful when there are multiple instances and you just want everything - // to remote_write to the same place. - // - // Refer to the remote_write specification for all available fields: - // https://github.com/grafana/agent/blob/main/docs/configuration-reference.md#remote_write - withRemoteWrite(remote_writes):: { - assert std.objectHasAll(self, '_mode') : ||| - withMetricsInstances must be merged with the result of calling new, - newDeployment, or newScrapingService. - |||, - - local list = if std.isArray(remote_writes) then remote_writes else [remote_writes], - _metrics_config+:: { global+: { remote_write: list } }, - }, - - // scrapeInstanceKubernetes defines an instance config Grafana Labs uses to - // scrape Kubernetes metrics. - // - // Pods will be scraped if: - // - // 1. They have a port ending in -metrics - // 2. They do not have a prometheus.io/scrape=false annotation - // 3. They have a name label - scrapeInstanceKubernetes: scrape_k8s.newKubernetesScrapeInstance( - config=scrape_k8s.kubernetesScrapeInstanceConfig, - namespace='default', - ), -} diff --git a/production/tanka/grafana-agent/v1/lib/scraping_service.libsonnet b/production/tanka/grafana-agent/v1/lib/scraping_service.libsonnet deleted file mode 100644 index 6962ad3b8d30..000000000000 --- a/production/tanka/grafana-agent/v1/lib/scraping_service.libsonnet +++ /dev/null @@ -1,4 +0,0 @@ -{ - // TODO(rfratto): port scraping service code and expose as newScrapingService - // here. -} diff --git a/production/tanka/grafana-agent/v1/lib/traces.libsonnet b/production/tanka/grafana-agent/v1/lib/traces.libsonnet deleted file mode 100644 index 98a91fcb4191..000000000000 --- a/production/tanka/grafana-agent/v1/lib/traces.libsonnet +++ /dev/null @@ -1,121 +0,0 @@ -{ - // withTracesConfig adds a Traces config to collect traces. - // - // For the full list of options, refer to the configuration reference: - // - withTracesConfig(config):: { - assert std.objectHasAll(self, '_mode') : ||| - withTracesConfig must be merged with the result of calling new. - |||, - _trace_config:: config, - }, - - // withTracesRemoteWrite configures one or multiple backends to write traces to. - // - // Available options can be found in the configuration reference: - // https://github.com/grafana/agent/blob/main/docs/configuration-reference.md#traces_config - withTracesRemoteWrite(remote_write):: { - assert std.objectHasAll(self, '_trace_config') : ||| - withTracesRemoteWrite must be merged with the result of calling - withTracesConfig. - |||, - _trace_config+:: { remote_write: remote_write }, - }, - - // withTracesSamplingStrategies accepts an object for trace sampling strategies. - // - // Refer to Jaeger's documentation for available fields: - // https://www.jaegertracing.io/docs/1.17/sampling/#collector-sampling-configuration - // - // Creating a file isn't necessary; just provide the object and a ConfigMap - // will be created for you and added to the tempo config. - withTracesSamplingStrategies(strategies):: { - assert std.objectHasAll(self, '_trace_config') : ||| - withTracesPushConfig must be merged with the result of calling - withTracesConfig. - |||, - - assert - std.objectHasAll(self._trace_config, 'receivers') && - std.objectHasAll(self._trace_config.receivers, 'jaeger') : ||| - withStrategies can only be used if the traces config is configured for - receiving Jaeger spans and traces. - |||, - - // The main library should detect the presence of _traces_sampling_strategies - // and create a ConfigMap bound to /etc/agent/strategies.json. - _traces_sampling_strategies:: strategies, - _trace_config+:: { - receivers+: { - jaeger+: { - remote_sampling: { - strategy_file: '/etc/agent/strategies.json', - insecure: true, - }, - }, - }, - }, - }, - - // Configures scrape_configs for discovering meta labels that will be attached - // to incoming metrics and spans whose IP matches the __address__ of the - // target. - withTracesScrapeConfigs(scrape_configs):: { - assert std.objectHasAll(self, '_trace_config') : ||| - withTracesScrapeConfigs must be merged with the result of calling - withTracesConfig. - |||, - _trace_config+: { scrape_configs: scrape_configs }, - }, - - // Provides a default set of scrape_configs to use for discovering labels from - // Pods. Labels will be attached to any traces sent from the discovered pods. - tracesScrapeKubernetes:: [ - { - bearer_token_file: '/var/run/secrets/kubernetes.io/serviceaccount/token', - job_name: 'kubernetes-pods', - kubernetes_sd_configs: [{ role: 'pod' }], - relabel_configs: [ - { - action: 'replace', - source_labels: ['__meta_kubernetes_namespace'], - target_label: 'namespace', - }, - { - action: 'replace', - source_labels: ['__meta_kubernetes_pod_name'], - target_label: 'pod', - }, - { - action: 'replace', - source_labels: ['__meta_kubernetes_pod_container_name'], - target_label: 'container', - }, - ], - tls_config: { - ca_file: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - insecure_skip_verify: false, - }, - }, - ], - - // withTracesTailSamplingConfig tail-based sampling for traces. - // - // Available options can be found in the configuration reference: - // https://github.com/grafana/agent/blob/main/docs/configuration-reference.md#traces_config - withTracesTailSamplingConfig(tail_sampling):: { - assert std.objectHasAll(self, '_trace_config') : ||| - withTracesTailSamplingConfig must be merged with the result of calling - withTracesConfig. - |||, - _trace_config+:: { tail_sampling: tail_sampling }, - }, - - withTracesLoadBalancingConfig(load_balancing):: { - assert std.objectHasAll(self, '_trace_config') : ||| - withTracesLoadBalancingConfig must be merged with the result of calling - withTracesConfig. - |||, - _trace_config+:: { load_balancing: load_balancing }, - }, -} diff --git a/production/tanka/grafana-agent/v1/main.libsonnet b/production/tanka/grafana-agent/v1/main.libsonnet deleted file mode 100644 index d4096bc015e9..000000000000 --- a/production/tanka/grafana-agent/v1/main.libsonnet +++ /dev/null @@ -1,142 +0,0 @@ -local agent = import './internal/agent.libsonnet'; -local utils = import './internal/utils.libsonnet'; -local k = import 'ksonnet-util/kausal.libsonnet'; - -local container = k.core.v1.container; -local configMap = k.core.v1.configMap; -local service = k.core.v1.service; - -// Merge all of our libraries to create the final exposed library. -(import './lib/deployment.libsonnet') + -(import './lib/integrations.libsonnet') + -(import './lib/metrics.libsonnet') + -(import './lib/scraping_service.libsonnet') + -(import './lib/logs.libsonnet') + -(import './lib/traces.libsonnet') + -{ - _images:: { - agent: 'grafana/agent:v0.39.0', - agentctl: 'grafana/agentctl:v0.39.0', - }, - - // new creates a new DaemonSet deployment of the grafana-agent. By default, - // the deployment will do no collection. You must merge the result of this - // function with one or more of the following: - // - // - withMetricsConfig, withMetricsInstances (and optionally withRemoteWrite) - // - withLogsConfig - // - // When using withMetricsInstances, a [name]-etc deployment - // with one replica will be created alongside the DaemonSet. This deployment - // is responsible for handling scrape configs that will not work on the host - // machine. - // - // For example, if a scrape_config scrapes the Kubernetes API, that must be - // handled by the [name]-etc deployment as the Kubernetes API does not run - // on any node in the cluster. - // - // scrapeInstanceKubernetes provides the default - // MetricsInstanceConfig Grafana Labs uses in production. - new(name='grafana-agent', namespace='default'):: { - local this = self, - - _mode:: 'daemonset', - _images:: $._images, - _config_hash:: true, - - local has_logs_config = std.objectHasAll(self, '_logs_config'), - local has_trace_config = std.objectHasAll(self, '_trace_config'), - local has_metrics_config = std.objectHasAll(self, '_metrics_config'), - local has_metrics_instances = std.objectHasAll(self, '_metrics_instances'), - local has_integrations = std.objectHasAll(self, '_integrations'), - local has_sampling_strategies = std.objectHasAll(self, '_traces_sampling_strategies'), - - local metrics_instances = - if has_metrics_instances then this._metrics_instances else [], - local host_filter_instances = utils.transformInstances(metrics_instances, true), - local etc_instances = utils.transformInstances(metrics_instances, false), - - config:: { - server: { - log_level: 'info', - }, - } + ( - if has_metrics_config - then { metrics: this._metrics_config { configs: host_filter_instances } } - else {} - ) + ( - if has_logs_config then { - logs: { - positions_directory: '/tmp/positions', - configs: [this._logs_config { - name: 'default', - }], - }, - } else {} - ) + ( - if has_trace_config then { - traces: { - configs: [this._trace_config { - name: 'default', - }], - }, - } - else {} - ) + ( - if has_integrations then { integrations: this._integrations } else {} - ), - - etc_config:: if has_metrics_config then this.config { - // Hide logs and integrations from our extra configs, we just want the - // scrape configs that wouldn't work for the DaemonSet. - metrics+: { - configs: std.map(function(cfg) cfg { host_filter: false }, etc_instances), - }, - logs:: {}, - traces:: {}, - integrations:: {}, - }, - - agent: - agent.newAgent(name, namespace, self._images.agent, self.config, use_daemonset=true) + - agent.withConfigHash(self._config_hash) + { - // If sampling strategies were defined, we need to mount them as a JSON - // file. - config_map+: - if has_sampling_strategies - then configMap.withDataMixin({ - 'strategies.json': std.toString(this._traces_sampling_strategies), - }) - else {}, - - // If we're deploying for tracing, applications will want to write to - // a service for load balancing span delivery. - service: - if has_trace_config - then k.util.serviceFor(self.agent) + service.mixin.metadata.withNamespace(namespace) - else {}, - } + ( - if has_logs_config then $.logsPermissionsMixin else {} - ) + ( - if has_integrations && std.objectHas(this._integrations, 'node_exporter') then $.integrationsMixin else {} - ), - - agent_etc: if std.length(etc_instances) > 0 then - agent.newAgent(name + '-etc', namespace, self._images.agent, self.etc_config, use_daemonset=false) + - agent.withConfigHash(self._config_hash), - }, - - // withImages sets the images used for launching the Agent. - // Keys supported: agent, agentctl - withImages(images):: { _images+: images }, - - // Includes or excludes the config hash annotation. - withConfigHash(include=true):: { _config_hash:: include }, - - // withPortsMixin adds extra ports to expose. - withPortsMixin(ports=[]):: { - agent+: { - container+:: container.withPortsMixin(ports), - }, - }, -} diff --git a/production/tanka/grafana-agent/v2/README.md b/production/tanka/grafana-agent/v2/README.md deleted file mode 100644 index 33c18cadeac7..000000000000 --- a/production/tanka/grafana-agent/v2/README.md +++ /dev/null @@ -1,84 +0,0 @@ -# Tanka Configs - -**STATUS**: Work in progress, use of these configs is not recommended for production. - -This directory contains the Tanka configs that we use to deploy the Grafana -Agent. It is marked as `v2` and is incompatible previous versions of the library -located in other directories. - -This library is currently a work in progress and backwards-incompatible changes -may occur. Once the library is considered complete, no further backwards -incompatible changes will be made. - -## Capabilities - -This library is significantly simplified over the `v0` and `v1` counterparts. -Since there are many ways to combine the various functionalities of the Grafana -Agent, the `v2` library aims to stay out of your way and provide optional composible -helpers that may be useful for some people. - -Users of the library will pick a controller for their deployment. They are -expected to know what feature are compatible with which controller: - -| Controller | Metrics | Logs | Traces | Integrations | -| ---------------- | ------------------- | --------- | ------ | ------------ | -| DaemonSet | If host filtering | Yes | Yes | No | -| Deployment | Yes | No | No | Yes | -| StatefulSet | Yes | No | No | Yes | - -Creating an incompatible deployment will cause runtime issues when running the -Agent (for example, if configuring Logs with a StatefulSet, you will only get -logs from the node the pods are running on). - -To get full coverage of features, you must create multiple deployments of the -library. You may wish to combine a StatefulSet for metrics and integrations, a -Deployment for Traces, and a DaemonSet for logs. - -## API - -## Generate Agent Deployment - -- `new(name='grafana-agent', namespace='')`: Create a new Agent without a - controller. -- `withDeploymentController(replicas=1)`: Attach a Deployment as the Agent - controller. Number of replicas may optionally be given. -- `withDaemonSetController()`: Attach a DaemonSet as the Agent controller. -- `withStatefulSetController(replicas=1, volumeClaims=[])`: Attach a StatefulSet - as the Agent controller. Number of replicas and a set of volume claim - templates may be given. - -## Generate Scraping Service Syncer - -The Scraping Service Syncer is used to sync metrics instance configs against the -scraping service config management API. - -- `newSyncer(name='grafana-agent-sycner', namespace='', config={})` - -## General - -- `withAgentConfig(config)`: Provide a custom Agent config. -- `withArgsMixin(config)`: Pass a map of additional flags to set. -- `withMetricsPort(port)`: Value for the `http-metrics` port (default 80) -- `withImagesMixin(images)`: Use custom images instead of the defaults. -- `withConfigHash(include=true)`: Whether to include a config hash annotation. -- `withPortsMixin(ports=[])`: Mixin ports from `k.core.v1.containerPort` against - the container and service. -- `withVolumesMixin(volumes=[])`: Volume to attach to the pod. -- `withVolumeMountsMixin(mounts=[])`: Volume mounts to attach to the container. - -## Helpers - -- `newKubernetesMetrics(config={})`: Creates a set of metrics scrape_configs for - collecting metrics from Kubernetes pods. -- `newKubernetesLogs(config={})`: Creates a set of logs scrape_configs for - collecting logs from Kubernetes pods. -- `newKubernetesTraces(config={})`: Creates a set of traces scrape_configs for - associating spans with metadata from discovered Kubernetes pods. -- `withLogVolumeMounts(config={})`: Adds volume mounts to the controller for collecting - logs. -- `withLogPermissions(config={})`: Runs the container as privileged and as the root user - so logs can be collected properly. -- `withService(config)`: Add a service for the deployment, statefulset, or daemonset. - Note that this must be called after any ports are added via `withPortsMixin`. - - diff --git a/production/tanka/grafana-agent/v2/internal/base.libsonnet b/production/tanka/grafana-agent/v2/internal/base.libsonnet deleted file mode 100644 index 6d697c93a3aa..000000000000 --- a/production/tanka/grafana-agent/v2/internal/base.libsonnet +++ /dev/null @@ -1,56 +0,0 @@ -function(name='grafana-agent', namespace='') { - local k = (import 'ksonnet-util/kausal.libsonnet') { _config+:: { namespace: namespace } }, - - local container = k.core.v1.container, - local configMap = k.core.v1.configMap, - local containerPort = k.core.v1.containerPort, - local policyRule = k.rbac.v1.policyRule, - local serviceAccount = k.core.v1.serviceAccount, - local envVar = k.core.v1.envVar, - - local this = self, - - _images:: { - agent: 'grafana/agent:v0.39.0', - agentctl: 'grafana/agentctl:v0.39.0', - }, - _config:: { - name: name, - namespace: namespace, - config_hash: true, - agent_config: '', - agent_port: 80, - agent_args: { - 'config.file': '/etc/agent/agent.yaml', - 'server.http.address': '0.0.0.0:80', - 'config.expand-env': 'true', - }, - }, - - rbac: k.util.rbac(name, [ - policyRule.withApiGroups(['']) + - policyRule.withResources(['nodes', 'nodes/proxy', 'services', 'endpoints', 'pods', 'events']) + - policyRule.withVerbs(['get', 'list', 'watch']), - - policyRule.withNonResourceUrls('/metrics') + - policyRule.withVerbs(['get']), - ]) { - service_account+: serviceAccount.mixin.metadata.withNamespace(namespace), - }, - - configMap: - configMap.new(name) + - configMap.mixin.metadata.withNamespace(namespace) + - configMap.withData({ - 'agent.yaml': k.util.manifestYaml(this._config.agent_config), - }), - - container:: - container.new(name, this._images.agent) + - container.withPorts(containerPort.new('http-metrics', this._config.agent_port)) + - container.withArgsMixin(k.util.mapToFlags(this._config.agent_args)) + - // `HOSTNAME` is required for promtail (logs) otherwise it will silently do nothing - container.withEnvMixin([ - envVar.fromFieldPath('HOSTNAME', 'spec.nodeName'), - ]), -} diff --git a/production/tanka/grafana-agent/v2/internal/controllers/daemonset.libsonnet b/production/tanka/grafana-agent/v2/internal/controllers/daemonset.libsonnet deleted file mode 100644 index 5e5f8880a2a4..000000000000 --- a/production/tanka/grafana-agent/v2/internal/controllers/daemonset.libsonnet +++ /dev/null @@ -1,22 +0,0 @@ -function() { - local this = self, - local _config = this._config, - local name = _config.name, - local namespace = _config.namespace, - - local k = (import 'ksonnet-util/kausal.libsonnet') { _config+:: this._config }, - local daemonSet = k.apps.v1.daemonSet, - - controller: - daemonSet.new(name, [this.container]) + - daemonSet.mixin.metadata.withNamespace(namespace) + - daemonSet.mixin.spec.template.spec.withServiceAccountName(name) + - ( - if _config.config_hash - then daemonSet.mixin.spec.template.metadata.withAnnotationsMixin({ - config_hash: std.md5(std.toString(_config.agent_config)), - }) - else {} - ) + - k.util.configVolumeMount(name, '/etc/agent'), -} diff --git a/production/tanka/grafana-agent/v2/internal/controllers/deployment.libsonnet b/production/tanka/grafana-agent/v2/internal/controllers/deployment.libsonnet deleted file mode 100644 index 5afbe9923118..000000000000 --- a/production/tanka/grafana-agent/v2/internal/controllers/deployment.libsonnet +++ /dev/null @@ -1,22 +0,0 @@ -function(replicas=1) { - local this = self, - local _config = this._config, - local name = _config.name, - local namespace = _config.namespace, - - local k = (import 'ksonnet-util/kausal.libsonnet') { _config+:: this._config }, - local deployment = k.apps.v1.deployment, - - controller: - deployment.new(name, replicas, [this.container]) + - deployment.mixin.metadata.withNamespace(namespace) + - deployment.mixin.spec.template.spec.withServiceAccountName(name) + - ( - if _config.config_hash - then deployment.mixin.spec.template.metadata.withAnnotationsMixin({ - config_hash: std.md5(std.toString(_config.agent_config)), - }) - else {} - ) + - k.util.configVolumeMount(name, '/etc/agent'), -} diff --git a/production/tanka/grafana-agent/v2/internal/controllers/statefulset.libsonnet b/production/tanka/grafana-agent/v2/internal/controllers/statefulset.libsonnet deleted file mode 100644 index d80cab383bc5..000000000000 --- a/production/tanka/grafana-agent/v2/internal/controllers/statefulset.libsonnet +++ /dev/null @@ -1,23 +0,0 @@ -function(replicas=1, volumeClaims=[]) { - local this = self, - local _config = this._config, - local name = _config.name, - local namespace = _config.namespace, - - local k = (import 'ksonnet-util/kausal.libsonnet') { _config+:: this._config }, - local statefulSet = k.apps.v1.statefulSet, - - controller: - statefulSet.new(name, replicas, [this.container], volumeClaims) + - statefulSet.mixin.metadata.withNamespace(namespace) + - statefulSet.mixin.spec.withServiceName(name) + - statefulSet.mixin.spec.template.spec.withServiceAccountName(name) + - ( - if _config.config_hash - then statefulSet.mixin.spec.template.metadata.withAnnotationsMixin({ - config_hash: std.md5(std.toString(_config.agent_config)), - }) - else {} - ) + - k.util.configVolumeMount(name, '/etc/agent'), -} diff --git a/production/tanka/grafana-agent/v2/internal/helpers/k8s.libsonnet b/production/tanka/grafana-agent/v2/internal/helpers/k8s.libsonnet deleted file mode 100644 index 5ae43c901a6c..000000000000 --- a/production/tanka/grafana-agent/v2/internal/helpers/k8s.libsonnet +++ /dev/null @@ -1,523 +0,0 @@ -local k8s_tls_config(config) = { - tls_config: { - ca_file: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - insecure_skip_verify: config.insecure_skip_verify, - }, - bearer_token_file: '/var/run/secrets/kubernetes.io/serviceaccount/token', -}; - -local gen_scrape_config(job_name, pod_uid) = { - job_name: job_name, - pipeline_stages: [{ - docker: {}, - }], - kubernetes_sd_configs: [{ - role: 'pod', - }], - - relabel_configs: self.prelabel_config + [ - // Only scrape local pods; Promtail will drop targets with a __host__ label - // that does not match the current host name. - { - source_labels: ['__meta_kubernetes_pod_node_name'], - target_label: '__host__', - }, - - // Drop pods without a __service__ label. - { - source_labels: ['__service__'], - action: 'drop', - regex: '', - }, - - // Include all the other labels on the pod. - // Perform this mapping before applying additional label replacement rules - // to prevent a supplied label from overwriting any of the following labels. - { - action: 'labelmap', - regex: '__meta_kubernetes_pod_label_(.+)', - }, - - // Rename jobs to be /. - { - source_labels: ['__meta_kubernetes_namespace', '__service__'], - action: 'replace', - separator: '/', - target_label: 'job', - replacement: '$1', - }, - - // But also include the namespace, pod, container as separate - // labels. They uniquely identify a container. They are also - // identical to the target labels configured in Prometheus - // (but note that Loki does not use an instance label). - { - source_labels: ['__meta_kubernetes_namespace'], - action: 'replace', - target_label: 'namespace', - }, - { - source_labels: ['__meta_kubernetes_pod_name'], - action: 'replace', - target_label: 'pod', // Not 'pod_name', which disappeared in K8s 1.16. - }, - { - source_labels: ['__meta_kubernetes_pod_container_name'], - action: 'replace', - target_label: 'container', // Not 'container_name', which disappeared in K8s 1.16. - }, - - // Kubernetes puts logs under subdirectories keyed pod UID and container_name. - { - source_labels: [pod_uid, '__meta_kubernetes_pod_container_name'], - target_label: '__path__', - separator: '/', - replacement: '/var/log/pods/*$1/*.log', - }, - ], -}; - -{ - metrics(config):: - local _config = { - scrape_api_server_endpoints: false, - insecure_skip_verify: false, - - cluster_dns_tld: 'local', - cluster_dns_suffix: 'cluster.' + self.cluster_dns_tld, - kubernetes_api_server_address: 'kubernetes.default.svc.%(cluster_dns_suffix)s:443' % self, - - ksm_namespace: 'kube-system', - node_exporter_namespace: 'kube-system', - } + config; - - [ - k8s_tls_config(_config) { - job_name: 'default/kubernetes', - kubernetes_sd_configs: [{ - role: if _config.scrape_api_server_endpoints then 'endpoints' else 'service', - }], - scheme: 'https', - tls_config+: { - server_name: 'kubernetes', - }, - - relabel_configs: [{ - source_labels: ['__meta_kubernetes_service_label_component'], - regex: 'apiserver', - action: 'keep', - }], - - // Keep limited set of metrics to reduce default usage, drop all others - metric_relabel_configs: [ - { - source_labels: ['__name__'], - regex: 'workqueue_queue_duration_seconds_bucket|process_cpu_seconds_total|process_resident_memory_bytes|workqueue_depth|rest_client_request_duration_seconds_bucket|workqueue_adds_total|up|rest_client_requests_total|apiserver_request_total|go_goroutines', - action: 'keep', - }, - ], - }, - - { - job_name: 'kubernetes-pods', - kubernetes_sd_configs: [{ - role: 'pod', - }], - - // You can specify the following annotations (on pods): - // prometheus.io/scrape: false - don't scrape this pod - // prometheus.io/scheme: https - use https for scraping - // prometheus.io/port - scrape this port - // prometheus.io/path - scrape this path - // prometheus.io/param- - send ?parameter=value with the scrape - relabel_configs: [ - // Drop anything annotated with prometheus.io/scrape=false - { - source_labels: ['__meta_kubernetes_pod_annotation_prometheus_io_scrape'], - action: 'drop', - regex: 'false', - }, - - // Drop any endpoint whose pod port name does not end with metrics - { - source_labels: ['__meta_kubernetes_pod_container_port_name'], - action: 'keep', - regex: '.*-metrics', - }, - - // Allow pods to override the scrape scheme with prometheus.io/scheme=https - { - source_labels: ['__meta_kubernetes_pod_annotation_prometheus_io_scheme'], - action: 'replace', - target_label: '__scheme__', - regex: '(https?)', - replacement: '$1', - }, - - // Allow service to override the scrape path with prometheus.io/path=/other_metrics_path - { - source_labels: ['__meta_kubernetes_pod_annotation_prometheus_io_path'], - action: 'replace', - target_label: '__metrics_path__', - regex: '(.+)', - replacement: '$1', - }, - - // Allow services to override the scrape port with prometheus.io/port=1234 - { - source_labels: ['__address__', '__meta_kubernetes_pod_annotation_prometheus_io_port'], - action: 'replace', - target_label: '__address__', - regex: '(.+?)(\\:\\d+)?;(\\d+)', - replacement: '$1:$3', - }, - - // Drop pods without a name label - { - source_labels: ['__meta_kubernetes_pod_label_name'], - action: 'drop', - regex: '', - }, - - // Rename jobs to be / - { - source_labels: ['__meta_kubernetes_namespace', '__meta_kubernetes_pod_label_name'], - action: 'replace', - separator: '/', - target_label: 'job', - replacement: '$1', - }, - - // But also include the namespace as a separate label for routing alerts - { - source_labels: ['__meta_kubernetes_namespace'], - action: 'replace', - target_label: 'namespace', - }, - { - source_labels: ['__meta_kubernetes_pod_name'], - action: 'replace', - target_label: 'pod', // Not 'pod_name', which disappeared in K8s 1.16. - }, - { - source_labels: ['__meta_kubernetes_pod_container_name'], - action: 'replace', - target_label: 'container', // Not 'container_name', which disappeared in K8s 1.16. - }, - - // Rename instances to the concatenation of pod:container:port. - // All three components are needed to guarantee a unique instance label. - { - source_labels: [ - '__meta_kubernetes_pod_name', - '__meta_kubernetes_pod_container_name', - '__meta_kubernetes_pod_container_port_name', - ], - action: 'replace', - separator: ':', - target_label: 'instance', - }, - - // Map prometheus.io/param-=value fields to __param_=value - { - regex: '__meta_kubernetes_pod_annotation_prometheus_io_param_(.+)', - action: 'labelmap', - replacement: '__param_$1', - }, - - // Drop pods with phase Succeeded or Failed - { - source_labels: ['__meta_kubernetes_pod_phase'], - action: 'drop', - regex: 'Succeeded|Failed', - }, - ], - }, - - // A separate scrape config for kube-state-metrics which doesn't add a - // namespace label and instead takes the namespace label from the exported - // timeseries. This prevents the exported namespace label from being - // renamed to exported_namesapce and allows us to route alerts based on - // namespace. - { - job_name: '%s/kube-state-metrics' % _config.ksm_namespace, - kubernetes_sd_configs: [{ - role: 'pod', - namespaces: { - names: [_config.ksm_namespace], - }, - }], - - relabel_configs: [ - // Drop anything whose service is not kube-state-metrics - { - source_labels: ['__meta_kubernetes_pod_label_name'], - regex: 'kube-state-metrics', - action: 'keep', - }, - - // Rename instances to the concatenation of pod:container:port. - // In the specific case of KSM, we could leave out the container - // name and still have a unique instance label, but we leave it - // in here for consistency with the normal pod scraping. - { - source_labels: [ - '__meta_kubernetes_pod_name', - '__meta_kubernetes_pod_container_name', - '__meta_kubernetes_pod_container_port_name', - ], - action: 'replace', - separator: ':', - target_label: 'instance', - }, - ], - }, - - // A separate scrape config for node-exporter which maps the node name - // onto the instance label. - { - job_name: '%s/node-exporter' % _config.node_exporter_namespace, - kubernetes_sd_configs: [{ - role: 'pod', - namespaces: { - names: [_config.node_exporter_namespace], - }, - }], - - relabel_configs: [ - // Drop anything whose name is not node-exporter. - { - source_labels: ['__meta_kubernetes_pod_label_name'], - regex: 'node-exporter', - action: 'keep', - }, - - // Rename instances to be the node name. - { - source_labels: ['__meta_kubernetes_pod_node_name'], - action: 'replace', - target_label: 'instance', - }, - - // But also include the namespace as a separate label, for - // routing alerts. - { - source_labels: ['__meta_kubernetes_namespace'], - action: 'replace', - target_label: 'namespace', - }, - ], - }, - - // This scrape config gathers all kubelet metrics. - k8s_tls_config(_config) { - job_name: 'kube-system/kubelet', - kubernetes_sd_configs: [{ role: 'node' }], - - relabel_configs: [ - { - target_label: '__address__', - replacement: _config.kubernetes_api_server_address, - }, - { - target_label: '__scheme__', - replacement: 'https', - }, - { - source_labels: ['__meta_kubernetes_node_name'], - regex: '(.+)', - target_label: '__metrics_path__', - replacement: '/api/v1/nodes/$1/proxy/metrics', - }, - ], - }, - - // As of k8s 1.7.3, cAdvisor metrics are available via kubelet using the - // /metrics/cadvisor path. - k8s_tls_config(_config) { - job_name: 'kube-system/cadvisor', - kubernetes_sd_configs: [{ - role: 'node', - }], - scheme: 'https', - - relabel_configs: [ - { - target_label: '__address__', - replacement: _config.kubernetes_api_server_address, - }, - { - source_labels: ['__meta_kubernetes_node_name'], - regex: '(.+)', - target_label: '__metrics_path__', - replacement: '/api/v1/nodes/$1/proxy/metrics/cadvisor', - }, - ], - - metric_relabel_configs: [ - // Let system processes like kubelet survive the next rule by giving them a fake image. - { - source_labels: ['__name__', 'id'], - regex: 'container_([a-z_]+);/system.slice/(.+)', - target_label: 'image', - replacement: '$2', - }, - - // Drop container_* metrics with no image. - { - source_labels: ['__name__', 'image'], - regex: 'container_([a-z_]+);', - action: 'drop', - }, - - // Drop a bunch of metrics which are disabled but still sent, - // see https://github.com/google/cadvisor/issues/1925. - { - source_labels: ['__name__'], - regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', - action: 'drop', - }, - ], - }, - ], - - logs(config={}):: [ - // Scrape config to scrape any pods with a 'name' label. - gen_scrape_config('kubernetes-pods-name', '__meta_kubernetes_pod_uid') { - prelabel_config:: [ - // Use name label as __service__. - { - source_labels: ['__meta_kubernetes_pod_label_name'], - target_label: '__service__', - }, - ], - }, - - // Scrape config to scrape any pods with an 'app' label. - gen_scrape_config('kubernetes-pods-app', '__meta_kubernetes_pod_uid') { - prelabel_config:: [ - // Drop pods with a 'name' label. They will have already been added by - // the scrape_config that matches on the 'name' label - { - source_labels: ['__meta_kubernetes_pod_label_name'], - action: 'drop', - regex: '.+', - }, - - // Use app label as the __service__. - { - source_labels: ['__meta_kubernetes_pod_label_app'], - target_label: '__service__', - }, - ], - }, - - // Scrape config to scrape any pods with a direct controller (eg - // StatefulSets). - gen_scrape_config('kubernetes-pods-direct-controllers', '__meta_kubernetes_pod_uid') { - prelabel_config:: [ - // Drop pods with a 'name' or 'app' label. They will have already been added by - // the scrape_config that matches above. - { - source_labels: ['__meta_kubernetes_pod_label_name', '__meta_kubernetes_pod_label_app'], - separator: '', - action: 'drop', - regex: '.+', - }, - - // Drop pods with an indirect controller. eg Deployments create replicaSets - // which then create pods. - { - source_labels: ['__meta_kubernetes_pod_controller_name'], - action: 'drop', - regex: '[0-9a-z-.]+-[0-9a-f]{8,10}', - }, - - // Use controller name as __service__. - { - source_labels: ['__meta_kubernetes_pod_controller_name'], - target_label: '__service__', - }, - ], - }, - - // Scrape config to scrape any pods with an indirect controller (eg - // Deployments). - gen_scrape_config('kubernetes-pods-indirect-controller', '__meta_kubernetes_pod_uid') { - prelabel_config:: [ - // Drop pods with a 'name' or 'app' label. They will have already been added by - // the scrape_config that matches above. - { - source_labels: ['__meta_kubernetes_pod_label_name', '__meta_kubernetes_pod_label_app'], - separator: '', - action: 'drop', - regex: '.+', - }, - - // Drop pods not from an indirect controller. eg StatefulSets, DaemonSets - { - source_labels: ['__meta_kubernetes_pod_controller_name'], - regex: '[0-9a-z-.]+-[0-9a-f]{8,10}', - action: 'keep', - }, - - // Put the indirect controller name into a temp label. - { - source_labels: ['__meta_kubernetes_pod_controller_name'], - action: 'replace', - regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}', - target_label: '__service__', - }, - ], - }, - - // Scrape config to scrape any control plane static pods (e.g. kube-apiserver - // etcd, kube-controller-manager & kube-scheduler) - gen_scrape_config('kubernetes-pods-static', '__meta_kubernetes_pod_annotation_kubernetes_io_config_mirror') { - prelabel_config:: [ - // Ignore pods that aren't mirror pods - { - action: 'drop', - source_labels: ['__meta_kubernetes_pod_annotation_kubernetes_io_config_mirror'], - regex: '', - }, - - // Static control plane pods usually have a component label that identifies them - { - action: 'replace', - source_labels: ['__meta_kubernetes_pod_label_component'], - target_label: '__service__', - }, - ], - }, - ], - - traces(config={}):: [ - { - bearer_token_file: '/var/run/secrets/kubernetes.io/serviceaccount/token', - job_name: 'kubernetes-pods', - kubernetes_sd_configs: [{ role: 'pod' }], - relabel_configs: [ - { - action: 'replace', - source_labels: ['__meta_kubernetes_namespace'], - target_label: 'namespace', - }, - { - action: 'replace', - source_labels: ['__meta_kubernetes_pod_name'], - target_label: 'pod', - }, - { - action: 'replace', - source_labels: ['__meta_kubernetes_pod_container_name'], - target_label: 'container', - }, - ], - tls_config: { - ca_file: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - insecure_skip_verify: false, - }, - }, - ], -} diff --git a/production/tanka/grafana-agent/v2/internal/helpers/logs.libsonnet b/production/tanka/grafana-agent/v2/internal/helpers/logs.libsonnet deleted file mode 100644 index 30a88b899d5a..000000000000 --- a/production/tanka/grafana-agent/v2/internal/helpers/logs.libsonnet +++ /dev/null @@ -1,27 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; -local container = k.core.v1.container; - -{ - volumeMounts(config={}):: { - // Disable journald mount by default - local _config = { - journald: false, - } + config, - - controller+: - // For reading docker containers. /var/log is used for the positions file - // and shouldn't be set to readonly. - k.util.hostVolumeMount('varlog', '/var/log', '/var/log') + - k.util.hostVolumeMount('varlibdockercontainers', '/var/lib/docker/containers', '/var/lib/docker/containers', readOnly=true) + - - // For reading journald - if _config.journald == false then {} - else k.util.hostVolumeMount('etcmachineid', '/etc/machine-id', '/etc/machine-id', readOnly=true), - }, - - permissions(config={}):: { - container+:: - container.mixin.securityContext.withPrivileged(true) + - container.mixin.securityContext.withRunAsUser(0), - }, -} diff --git a/production/tanka/grafana-agent/v2/internal/helpers/service.libsonnet b/production/tanka/grafana-agent/v2/internal/helpers/service.libsonnet deleted file mode 100644 index 08f6502fa8ef..000000000000 --- a/production/tanka/grafana-agent/v2/internal/helpers/service.libsonnet +++ /dev/null @@ -1,13 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; -local svc = k.core.v1.service; - -{ - service(config={}):: { - local this = self, - local _config = this._config, - - controller_service: - k.util.serviceFor(this.controller) + - svc.mixin.metadata.withNamespace(_config.namespace), - }, -} diff --git a/production/tanka/grafana-agent/v2/internal/syncer.libsonnet b/production/tanka/grafana-agent/v2/internal/syncer.libsonnet deleted file mode 100644 index 79409f65f310..000000000000 --- a/production/tanka/grafana-agent/v2/internal/syncer.libsonnet +++ /dev/null @@ -1,62 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; - -local cronJob = k.batch.v1.cronJob; -local configMap = k.core.v1.configMap; -local container = k.core.v1.container; -local deployment = k.apps.v1.deployment; -local volumeMount = k.core.v1.volumeMount; -local volume = k.core.v1.volume; - -function( - name='grafana-agent-syncer', - namespace='', - config={}, -) { - local _config = { - api: error 'api must be set', - image: 'grafana/agentctl:v0.39.0', - schedule: '*/5 * * * *', - configs: [], - } + config, - - local this = self, - local _configs = std.foldl( - function(agg, cfg) - // Sanitize the name and remove / so every file goes into the same - // folder. - local name = std.strReplace(cfg.name, '/', '_'); - - agg { ['%s.yml' % name]: k.util.manifestYaml(cfg) }, - _config.configs, - {}, - ), - - configMap: - configMap.new(name) + - configMap.mixin.metadata.withNamespace(namespace) + - configMap.withData(_configs), - - container:: - container.new(name, _config.image) + - container.withArgsMixin([ - 'config-sync', - '--addr=%s' % _config.api, - '/etc/configs', - ]) + - container.withVolumeMounts(volumeMount.new(name, '/etc/configs')), - - job: - cronJob.new(name, _config.schedule, this.container) + - cronJob.mixin.metadata.withNamespace(namespace) + - cronJob.mixin.spec.withSuccessfulJobsHistoryLimit(1) + - cronJob.mixin.spec.withFailedJobsHistoryLimit(3) + - cronJob.mixin.spec.jobTemplate.spec.template.spec.withRestartPolicy('OnFailure') + - cronJob.mixin.spec.jobTemplate.spec.template.spec.withActiveDeadlineSeconds(600) + - cronJob.mixin.spec.jobTemplate.spec.withTtlSecondsAfterFinished(120) + - cronJob.mixin.spec.jobTemplate.spec.template.spec.withVolumes([ - volume.fromConfigMap( - name=name, - configMapName=this.configMap.metadata.name, - ), - ]), -} diff --git a/production/tanka/grafana-agent/v2/main.libsonnet b/production/tanka/grafana-agent/v2/main.libsonnet deleted file mode 100644 index 71a8e4b69f6d..000000000000 --- a/production/tanka/grafana-agent/v2/main.libsonnet +++ /dev/null @@ -1,50 +0,0 @@ -local k = import 'ksonnet-util/kausal.libsonnet'; -local container = k.core.v1.container; -local podTemplateSpec = k.core.v1.podTemplateSpec.spec; - -{ - new(name='grafana-agent', namespace=''):: - (import './internal/base.libsonnet')(name, namespace), - - // Controllers - withDeploymentController(replicas=1):: - (import './internal/controllers/deployment.libsonnet')(replicas), - withDaemonSetController():: - (import './internal/controllers/daemonset.libsonnet')(), - withStatefulSetController(replicas=1, volumeClaims=[]):: - (import './internal/controllers/statefulset.libsonnet')(replicas, volumeClaims), - - // Syncer - newSyncer(name='grafana-agent-syncer', namespace='', config={}):: - (import './internal/syncer.libsonnet')(name, namespace, config), - - // General - withAgentConfig(config):: { _config+: { agent_config: config } }, - withMetricsPort(port):: { _config+: { agent_port: port } }, - withArgsMixin(args):: { _config+: { agent_args+: args } }, - withImagesMixin(images):: { _images+: images }, - withConfigHash(include=true):: { _config+: { config_hash: include } }, - withPortsMixin(ports=[]):: { container+:: container.withPortsMixin(ports) }, - withVolumeMountsMixin(mounts=[]):: { container+:: container.withVolumeMountsMixin(mounts) }, - withVolumesMixin(volumes=[]):: { - controller+: { - spec+: { - template+: podTemplateSpec.withVolumesMixin(volumes), - }, - }, - }, - - // Helpers - newKubernetesMetrics(config={}):: - (import './internal/helpers/k8s.libsonnet').metrics(config), - newKubernetesLogs(config={}):: - (import './internal/helpers/k8s.libsonnet').logs(config), - newKubernetesTraces(config={}):: - (import './internal/helpers/k8s.libsonnet').traces(config), - withLogVolumeMounts(config={}):: - (import './internal/helpers/logs.libsonnet').volumeMounts(config), - withLogPermissions(config={}):: - (import './internal/helpers/logs.libsonnet').permissions(config), - withService(config={}):: - (import './internal/helpers/service.libsonnet').service(config), -} diff --git a/tools/generate-crds.bash b/tools/generate-crds.bash index f4280c05a638..4a46f884c657 100755 --- a/tools/generate-crds.bash +++ b/tools/generate-crds.bash @@ -6,18 +6,18 @@ ROOT=$(git rev-parse --show-toplevel) # Generate objects and controllers for our CRDs cd $ROOT/pkg/operator/apis/monitoring/v1alpha1 controller-gen object paths=. -controller-gen crd:crdVersions=v1 paths=. output:crd:dir=$ROOT/production/operator/crds +controller-gen crd:crdVersions=v1 paths=. output:crd:dir=$ROOT/operations/agent-static-operator/crds # Generate CRDs for prometheus-operator. PROM_OP_DEP_NAME="github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" PROM_OP_DIR=$(go list -f '{{.Dir}}' $PROM_OP_DEP_NAME) cd $PROM_OP_DIR -controller-gen crd:crdVersions=v1 paths=. output:crd:dir=$ROOT/production/operator/crds +controller-gen crd:crdVersions=v1 paths=. output:crd:dir=$ROOT/operations/agent-static-operator/crds # Remove known Prometheus-Operator CRDS we don't generate. (An allowlist would # be better here, but rfratto's bash skills are bad.) -rm -f $ROOT/production/operator/crds/monitoring.coreos.com_alertmanagers.yaml -rm -f $ROOT/production/operator/crds/monitoring.coreos.com_prometheuses.yaml -rm -f $ROOT/production/operator/crds/monitoring.coreos.com_prometheusrules.yaml -rm -f $ROOT/production/operator/crds/monitoring.coreos.com_thanosrulers.yaml +rm -f $ROOT/operations/agent-static-operator/crds/monitoring.coreos.com_alertmanagers.yaml +rm -f $ROOT/operations/agent-static-operator/crds/monitoring.coreos.com_prometheuses.yaml +rm -f $ROOT/operations/agent-static-operator/crds/monitoring.coreos.com_prometheusrules.yaml +rm -f $ROOT/operations/agent-static-operator/crds/monitoring.coreos.com_thanosrulers.yaml